Vulnerability Name: CVE-2012-3532 (CCN-83376)
Assigned: 2012-06-14
Published: 2013-04-10
Updated: 2013-04-15
Summary: Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
- 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
- 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
- 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-352
Vulnerability Consequences: Cross-Site Scripting
References:
- Source: MITRE, Type: CNA, CVE-2012-3532
- Source: REDHAT, Type: Vendor Advisory, RHSA-2013:0733
- Source: SECUNIA, Type: Vendor Advisory, 53005
- Source: CCN, Type: JBoss Web site, JBoss Enterprise Portal Platform
- Source: BID, Type: UNKNOWN, 59015
- Source: CCN, Type: BID-59015, JBoss Enterprise Portal Platform GateIn Portal Multiple Cross Site Request Forgery Vulnerabilities
- Source: CCN, Type: Red Hat Bugzilla Bug 851046, CVE-2012-3532 GateIn Portal: Cross Site Request Forgery
- Source: CONFIRM, Type: UNKNOWN, https://bugzilla.redhat.com/show_bug.cgi?id=851046
- Source: XF, Type: UNKNOWN, jboss-gateinportal-multiple-csrf(83376)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: