CVE-2009-4139 MEDIUM

CVE-2009-4139: Spacewalk-java: Spacewalk: Red Hat Network Satellite: Spacewalk Java: privilege escalation via cross-site request forgery

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6
Weakness: CWE-346 · Origin validation
Published: July 27, 2011
Last update: April 28, 2026

CVSS base score

6.8/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

Description

A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.

Key dates

Disclosure timeline

July 27, 2011: CVE published
April 28, 2026: Record updated