Question 1

What is CVE-2010-1428?

Accepted Answer

CVE-2010-1428 is a high-severity software vulnerability (CWE-749) with a CVSS score of 7.5. The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows r

Question 2

Is CVE-2010-1428 being actively exploited?

Accepted Answer

Yes — CVE-2010-1428 is in CISA's Known Exploited Vulnerabilities (KEV) catalog, so it is confirmed exploited in the wild and linked to ransomware campaigns. Patch affected products as a priority.

Question 3

What products does CVE-2010-1428 affect?

Accepted Answer

Tracked products affected include JBoss. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2010-1428?

Accepted Answer

This vulnerability is being actively exploited in the wild — patch affected products urgently. Upgrade affected products to a fixed version.

CVE-2010-1428

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information