{"containers":{"cna":{"title":"Spacewalk-java: spacewalk: red hat network satellite: spacewalk java: privilege escalation via cross-site request forgery","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access."}],"affected":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhnsd","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhnsd","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:7"]}],"references":[{"url":"http://securitytracker.com/id?1025674"},{"url":"http://www.redhat.com/support/errata/RHSA-2011-0879.html"},{"url":"https://access.redhat.com/security/cve/CVE-2009-4139","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=529483"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68074"}],"datePublic":"2011-07-27T01:29:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-346","description":"Origin Validation Error","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-346: Origin Validation Error","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"timeline":[{"lang":"en","time":"2026-04-02T14:51:35.507Z","value":"Reported to Red Hat."},{"lang":"en","time":"2011-07-27T01:29:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-04-28T20:20:17.282Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-07T06:54:09.835Z"},"title":"CVE Program Container","references":[{"name":"1025674","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1025674"},{"name":"nss-spacewalk-csrf(68074)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68074"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=529483"},{"name":"RHSA-2011:0879","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://www.redhat.com/support/errata/RHSA-2011-0879.html"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2009-4139","datePublished":"2011-07-27T01:29:00.000Z","dateReserved":"2009-12-01T00:00:00.000Z","dateUpdated":"2026-04-28T20:20:17.282Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"}