Jolokia Cross-Site Request Forgery Vulnerability

By GIXnews


A vulnerability in the Jolokia agent could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on a targeted system.

The vulnerability is due to insufficient security restrictions imposed by the affected software. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to the targeted system. A successful exploit could allow the attacker to conduct a CSRF attack and use it to perform unauthorized actions on the targeted system.

Jolokia has confirmed this vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-10899

Source: Cisco Multivendor Vulnerability Alerts