Vulnerability Details CVE-2009-4139
A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.9%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 6.8
References
- http://securitytracker.com/id?1025674
- http://www.redhat.com/support/errata/RHSA-2011-0879.html
- https://access.redhat.com/security/cve/CVE-2009-4139
- https://bugzilla.redhat.com/show_bug.cgi?id=529483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68074
- http://securitytracker.com/id?1025674
- http://www.redhat.com/support/errata/RHSA-2011-0879.html
- https://bugzilla.redhat.com/show_bug.cgi?id=529483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68074
Products affected by CVE-2009-4139
-
cpe:2.3:a:redhat:network_satellite_server:5.3.0
-
cpe:2.3:a:redhat:network_satellite_server:5.4.0
-
cpe:2.3:a:redhat:network_satellite_server:5.4.1
-
cpe:2.3:a:redhat:spacewalk-java:1.2.39