AI Score: 6.2 Medium (Confidence: High)
CVSS2: 6 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS: 0.005 Low (Percentile: 75.0%)
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.
rhn.redhat.com/errata/RHSA-2012-1152.html
rhn.redhat.com/errata/RHSA-2012-1165.html
rhn.redhat.com/errata/RHSA-2012-1232.html
rhn.redhat.com/errata/RHSA-2013-0191.html
rhn.redhat.com/errata/RHSA-2013-0192.html
rhn.redhat.com/errata/RHSA-2013-0193.html
rhn.redhat.com/errata/RHSA-2013-0194.html
rhn.redhat.com/errata/RHSA-2013-0195.html
rhn.redhat.com/errata/RHSA-2013-0196.html
rhn.redhat.com/errata/RHSA-2013-0197.html
rhn.redhat.com/errata/RHSA-2013-0198.html
secunia.com/advisories/50230
secunia.com/advisories/50549
secunia.com/advisories/51984
www.osvdb.org/84530
www.securityfocus.com/bid/54915
bugzilla.redhat.com/show_bug.cgi?id=730176
exchange.xforce.ibmcloud.com/vulnerabilities/77549