VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Nov 23, 2012· Updated Apr 29, 2026

CVE-2011-2908

CVE-2011-2908

Description

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

Affected products

8
  • Red Hat/Jboss Enterprise Brms Platform
    cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*
  • Red Hat/Jboss Enterprise Portal Platform6 versions
    cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*range: <=5.2.1
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*
  • Red Hat/Jboss Enterprise Soa Platform
    cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

18

News mentions

0

No linked articles in our index yet.