Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-10899

Опубликовано: 01 авг. 2019
Источник: nvd
CVSS3: 8.1
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:jolokia:jolokia:*:*:*:*:*:*:*:*
Версия от 1.2.0 (включая) до 1.6.1 (исключая)
Конфигурация 2
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

EPSS

Процентиль: 84%
0.02129
Низкий

8.1 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20
CWE-352

Связанные уязвимости

redhat логотип

CVE-2018-10899

CVSS3: 8.1
redhat
больше 6 лет назад

A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.

github логотип

GHSA-xcxf-7q4p-cj26

CVSS3: 8.1
github
больше 3 лет назад

Cross-Site Request Forgery in Jolokia

EPSS

Процентиль: 84%
0.02129
Низкий

8.1 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20
CWE-352