A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
Max Base Score: 8.8
Published: 2019-08-01
Updated: 2021-08-04
EPSS: 0.92%
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
Max Base Score: 6.8
Published: 2014-10-06
Updated: 2014-10-07
EPSS: 0.18%
2 vulnerabilities found