Medium severity6.8NVD Advisory· Published Jul 27, 2011· Updated Apr 29, 2026

CVE-2009-4139

Description

A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.

Affected products

Red Hat/Network Satellite Server3 versions
cpe:2.3:a:redhat:network_satellite_server:5.3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:network_satellite_server:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:network_satellite_server:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:network_satellite_server:5.4.1:*:*:*:*:*:*:*
Red Hat/Spacewalk Java
cpe:2.3:a:redhat:spacewalk-java:1.2.39:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redhat.com/support/errata/RHSA-2011-0879.htmlnvdPatchVendor Advisory
securitytracker.com/idnvd
access.redhat.com/security/cve/CVE-2009-4139nvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/68074nvd

News mentions

No linked articles in our index yet.

cvss	0.442
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000