CVE-2012-3532 : Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component i

Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published 2013-04-12 22:55:01

Updated 2013-04-15 04:00:00

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2012-3532

Redhat » Jboss Enterprise Portal Platform
Versions up to, including, (<=) 5.2.2
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Portal Platform » Version: 5.0.1
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Portal Platform » Version: 5.0.0
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Portal Platform » Version: 5.1.1
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Portal Platform » Version: 5.1.0
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Portal Platform » Version: 5.2.0
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Portal Platform » Version: 4.3.0
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Portal Platform » Version: 5.2.1
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-3532

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-3532

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2012-3532

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3532

https://bugzilla.redhat.com/show_bug.cgi?id=851046

851046 – (CVE-2012-3532) CVE-2012-3532 GateIn Portal: Cross Site Request Forgery
http://rhn.redhat.com/errata/RHSA-2013-0733.html

RHSA-2013:0733 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
http://www.securityfocus.com/bid/59015

JBoss Enterprise Portal Platform GateIn Portal Multiple Cross Site Request Forgery Vulnerabilities

Jump to

Vulnerability Details : CVE-2012-3532

Products affected by CVE-2012-3532

Exploit prediction scoring system (EPSS) score for CVE-2012-3532

CVSS scores for CVE-2012-3532

CWE ids for CVE-2012-3532

References for CVE-2012-3532