CVE-2009-4139

MEDIUM

Spacewalk Java site packages <5.4.1 - CSRF

Description

A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.

References (5)

Core References
Third Party Advisory, VDB Entry
http://securitytracker.com/id?1025674
VDB Entry, x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2009-4139

Scores

CVSS v3 6.8
EPSS 0.0010
EPSS Percentile 27.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE
CWE-346, CWE-352
Status published
Products (6)
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
redhat/network_satellite_server 5.3.0
redhat/network_satellite_server 5.4.0
redhat/network_satellite_server 5.4.1
redhat/spacewalk-java 1.2.39
Published Jul 27, 2011
Tracked Since Feb 18, 2026