{"api_version":"1","generated_at":"2026-04-23T00:58:31+00:00","cve":"CVE-2011-2908","urls":{"html":"https://cve.report/CVE-2011-2908","api":"https://cve.report/api/cve/CVE-2011-2908.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-2908","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-2908"},"summary":{"title":"CVE-2011-2908","description":"Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2012-11-23 20:55:00","updated_at":"2023-02-13 04:32:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"https://access.redhat.com/errata/RHSA-2012:1165","name":"https://access.redhat.com/errata/RHSA-2012:1165","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://www.securityfocus.com/bid/54915","name":"54915","refsource":"BID","tags":[],"title":"JBoss Enterprise Application Platform Cross Site Request Forgery Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/50230","name":"50230","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA50230 - Red Hat update for JBoss Enterprise SOA and BRMS Platforms - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0194.html","name":"RHSA-2013:0194","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0193.html","name":"RHSA-2013:0193","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2012:1232","name":"https://access.redhat.com/errata/RHSA-2012:1232","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2013:0198","name":"https://access.redhat.com/errata/RHSA-2013:0198","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0198.html","name":"RHSA-2013:0198","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0196.html","name":"RHSA-2013:0196","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2012:1152","name":"https://access.redhat.com/errata/RHSA-2012:1152","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0191.html","name":"RHSA-2013:0191","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730176","name":"https://bugzilla.redhat.com/show_bug.cgi?id=730176","refsource":"MISC","tags":[],"title":"730176 – (CVE-2011-2908) CVE-2011-2908 CSRF on jmx-console allows invocation of operations on mbeans","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0192","name":"https://access.redhat.com/errata/RHSA-2013:0192","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0196","name":"https://access.redhat.com/errata/RHSA-2013:0196","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0192.html","name":"RHSA-2013:0192","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0195.html","name":"RHSA-2013:0195","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/51984","name":"51984","refsource":"SECUNIA","tags":[],"title":"Security Advisory SA51984 - Red Hat update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0197","name":"https://access.redhat.com/errata/RHSA-2013:0197","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2013:0193","name":"https://access.redhat.com/errata/RHSA-2013:0193","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0197.html","name":"RHSA-2013:0197","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1152.html","name":"RHSA-2012:1152","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77549","name":"jboss-jmx-console-csrf(77549)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2011-2908","name":"https://access.redhat.com/security/cve/CVE-2011-2908","refsource":"MISC","tags":[],"title":"CVE-2011-2908 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0194","name":"https://access.redhat.com/errata/RHSA-2013:0194","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/50549","name":"50549","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA50549 - Red Hat update for JBoss Enterprise Portal Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1232.html","name":"RHSA-2012:1232","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0195","name":"https://access.redhat.com/errata/RHSA-2013:0195","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0191","name":"https://access.redhat.com/errata/RHSA-2013:0191","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/84530","name":"84530","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1165.html","name":"RHSA-2012:1165","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-2908","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-2908","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_brms_platform","cpe6":"5.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_brms_platform","cpe6":"5.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"5.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"5.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_soa_platform","cpe6":"5.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"2908","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_soa_platform","cpe6":"5.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2011-2908","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-0191.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0191.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0192.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0192.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0193.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0193.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0194.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0194.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0195.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0195.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0196.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0196.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0197.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0197.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0198.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2013-0198.html"},{"url":"http://secunia.com/advisories/51984","refsource":"MISC","name":"http://secunia.com/advisories/51984"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1232.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1232.html"},{"url":"http://secunia.com/advisories/50549","refsource":"MISC","name":"http://secunia.com/advisories/50549"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1152.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1152.html"},{"url":"http://rhn.redhat.com/errata/RHSA-2012-1165.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2012-1165.html"},{"url":"http://secunia.com/advisories/50230","refsource":"MISC","name":"http://secunia.com/advisories/50230"},{"url":"http://www.osvdb.org/84530","refsource":"MISC","name":"http://www.osvdb.org/84530"},{"url":"http://www.securityfocus.com/bid/54915","refsource":"MISC","name":"http://www.securityfocus.com/bid/54915"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77549","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77549"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=730176","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=730176"}]}},"nvd":{"publishedDate":"2012-11-23 20:55:00","lastModifiedDate":"2023-02-13 04:32:00","problem_types":["CWE-352"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6},"severity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*","versionEndIncluding":"5.2.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"2908","Ordinal":"50125","Title":"CVE-2011-2908","CVE":"CVE-2011-2908","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"2908","Ordinal":"1","NoteData":"Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"2908","Ordinal":"2","NoteData":"2012-11-23","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"2908","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}