CSRF Vulnerability in Hawtio by Red Hat
CVE-2017-7556

8.8HIGH

Key Information:

Vendor: Red Hat
Status: Hawtio
Vendor: CVE Published:; 17 August 2017

What is CVE-2017-7556?

Hawtio versions up to 1.5.3 are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability that enables remote attackers to manipulate user actions. By enticing users to visit a malicious website hosting a harmful script, an attacker can perform unauthorized actions on the Hawtio server on the user's behalf, compromising user data and system integrity. Vigilance is essential to safeguard against such threats, and updating to the latest version is recommended for enhanced security.

Affected Version(s)

hawtio up to and including 1.5.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=1480060

x_refsource_CONFIRM

http://www.securityfocus.com/bid/100411

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 17, 2017
Vulnerability Reserved
Apr 5, 2017