CVE-2010-0738 — Red Hat JBoss Authentication Bypass Vulnerability
2022-05-25 • CISA Known Exploited Vulnerability
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
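An added example (not from this catalogue entry or from Red Hat): a Python check that flags servlet `web.xml` security constraints which enumerate HTTP methods, the configuration pattern that yields the GET/POST-only enforcement described above. It assumes the access control is declared in a standard servlet deployment descriptor; the descriptor content, role name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not taken from any JBoss release): the
# constraint names GET and POST, so every other method is left unconstrained.
WEAK = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Same constraint without <http-method> elements: it now applies to all methods.
FIXED = "\n".join(l for l in WEAK.splitlines() if "<http-method>" not in l)


def local(tag):
    """Drop an XML namespace prefix such as '{http://java.sun.com/xml/ns/j2ee}'."""
    return tag.rsplit("}", 1)[-1]


def descendants(elem, name):
    """All elements at or below elem whose local tag name matches."""
    return [c for c in elem.iter() if local(c.tag) == name]


def method_limited_constraints(web_xml):
    """Return (url_patterns, listed_methods) for each authenticated resource
    collection that lists HTTP methods and so leaves the rest unprotected."""
    findings = []
    root = ET.fromstring(web_xml)
    for sc in descendants(root, "security-constraint"):
        if not descendants(sc, "auth-constraint"):
            continue  # constraint requires no authentication, nothing to bypass
        for wrc in descendants(sc, "web-resource-collection"):
            methods = [m.text.strip().upper()
                       for m in descendants(wrc, "http-method") if m.text]
            if methods:
                patterns = [p.text.strip()
                            for p in descendants(wrc, "url-pattern") if p.text]
                findings.append((patterns, methods))
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("fixed", FIXED)):
        print(label, method_limited_constraints(doc) or "no method-limited constraints")
```
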
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Red Hat |
| Product | JBoss |
| CWE | CWE-264 |
| CVE ID | CVE-2010-0738 |
| Date Added | 2022-05-25 |
| Due Date | 2022-06-15 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.