CVE-2014-0120

HIGH

Hawt.io < 1.2.2 - Cross-Site Request Forgery via Admin Terminal

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0116
EPSS Percentile 63.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
hawt/hawtio < 1.2.2
redhat/jboss_fuse 6.1.0 beta
Published Dec 29, 2017
Tracked Since Feb 18, 2026