CVE-2009-4139

Spacewalk-java: spacewalk: red hat network satellite: spacewalk java: privilege escalation via cross-site request forgery

CVSS 6.8 MEDIUMEPSS 0.8%CWE-346

A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Productos afectados

Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/security/cve/CVE-2009-4139 https://bugzilla.redhat.com/show_bug.cgi?id=529483 http://securitytracker.com/id?1025674 https://exchange.xforce.ibmcloud.com/vulnerabilities/68074 http://www.redhat.com/support/errata/RHSA-2011-0879.html