Vulnerability Details CVE-2012-2734
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.0%
CVSS Severity
CVSS v2 Score 6.8
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78775
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78775
Products affected by CVE-2012-2734
-
cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2
-
cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1
-
cpe:2.3:a:trevor_mckay:cumin:0.1.5192-4
-
cpe:2.3:o:redhat:enterprise_mrg:2.0