CVE-2012-3532

{"id": "CVE-2012-3532", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-04-12T22:55:00.950", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-0733.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/53005", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/59015", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=851046", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0733.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/53005", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/59015", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=851046", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."}, {"lang": "es", "value": "Una vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados (CSRF) en el componente Portal GateIn en JBoss Enterprise Portal Platform v5.2.2 y anteriores permite a atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores desconocidos."}], "lastModified": "2024-11-21T01:41:04.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C9E6ECC-5F8D-4C30-ABD1-9E9652AD435B", "versionEndIncluding": "5.2.2"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC50B7E2-35A0-4D2B-8865-69EF15C7B31E"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3221242F-802E-418B-BC9D-CFA200D99171"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5472541F-ED83-4656-AE18-1642F571D294"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97165B18-1078-4215-94DA-0B6C4228056E"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A62117F2-5513-4998-8FDC-64564BBD00EC"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D66D2843-0273-4A3A-A9D1-48BBB15031B7"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6572BFDD-0A35-48CC-99A1-2BDE27BABB62"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}