Description
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/9e3391878c6840b294155f7ba6ccb47586e317f85c1bbd15c4608bd0%40%3Cdev.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb280e767ab199767e07a367f287ba08a9692fa76e2da4a20d50d07c4%40%3Cdev.activemq.apache.org%3E
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1248809
Scores
CVSS v3
8.8
EPSS
0.0063
EPSS Percentile
45.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (1)
redhat/amq
Published
Sep 25, 2017
Tracked Since
Feb 18, 2026