CVE-2010-3878
Description
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files.
Risk Information
Base Score
3.1
MODERATE
Vector
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.136
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp01 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp02 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp03 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp04 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp05 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp06 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp07 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0 | Windows |
| Vulnerabilities CVE-2010-3708,CVE-2010-3862,CVE-2010-3878,CVE-2010-4265 are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp08 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234