VYPR
Unrated severityNVD Advisory· Published Nov 23, 2012· Updated Jun 16, 2026

CVE-2011-2908

CVE-2011-2908

Description

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*range: <=5.2.1
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*
    • (no CPE)range: <5.2.2
  • cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.