CVE-2011-2908
Summary
| CVE | CVE-2011-2908 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-11-23 20:55:00 UTC |
| Updated | 2023-02-13 04:32:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability | BID | www.securityfocus.com | |
| Security Advisory SA50230 - Red Hat update for JBoss Enterprise SOA and BRMS Platforms - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| 730176 – (CVE-2011-2908) CVE-2011-2908 CSRF on jmx-console allows invocation of operations on mbeans | MISC | bugzilla.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Security Advisory SA51984 - Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform - Secunia | SECUNIA | secunia.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| RHSA-2012:1152 | REDHAT | rhn.redhat.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE-2011-2908 - Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Security Advisory SA50549 - Red Hat update for JBoss Enterprise Portal Platform - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| 84530 | OSVDB | www.osvdb.org | |
| RHSA-2012:1165 | REDHAT | rhn.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.