CVE-2009-4139

Spacewalk-java: spacewalk: red hat network satellite: spacewalk java: privilege escalation via cross-site request forgery

CVSS 6.8 MEDIUMEPSS 0.8%CWE-346

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.8EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 jul 2011Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Productos afectados

Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/security/cve/CVE-2009-4139 https://bugzilla.redhat.com/show_bug.cgi?id=529483 http://securitytracker.com/id?1025674 https://exchange.xforce.ibmcloud.com/vulnerabilities/68074 http://www.redhat.com/support/errata/RHSA-2011-0879.html