{"cve":{"cve_id":"CVE-2009-4139","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00821,"epss_percentile":0.52471,"epss_as_of":"2026-06-23","description":"A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileges by modifying existing user accounts to have administrator access.","published_at":"2011-07-27T01:29:00Z","last_modified_at":"2026-06-16T23:13:06.760000Z","cvss_v3_score":6.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-346"],"nvd_references":["http://securitytracker.com/id?1025674","http://www.redhat.com/support/errata/RHSA-2011-0879.html","https://access.redhat.com/security/cve/CVE-2009-4139","https://bugzilla.redhat.com/show_bug.cgi?id=529483","https://exchange.xforce.ibmcloud.com/vulnerabilities/68074"],"vuln_status":"Modified","trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:05:13.735489Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"redhat","vendor_name":"RedHat","product_slug":"network-satellite-server","product_name":"network_satellite_server","version_start":"5.3.0","version_start_inclusive":true,"version_end":"5.3.0","version_end_inclusive":true,"cpe23_uri":"cpe:2.3:a:redhat:network_satellite_server:5.3.0:*:*:*:*:*:*:*"},{"vendor_slug":"redhat","vendor_name":"RedHat","product_slug":"network-satellite-server","product_name":"network_satellite_server","version_start":"5.4.0","version_start_inclusive":true,"version_end":"5.4.0","version_end_inclusive":true,"cpe23_uri":"cpe:2.3:a:redhat:network_satellite_server:5.4.0:*:*:*:*:*:*:*"},{"vendor_slug":"redhat","vendor_name":"RedHat","product_slug":"network-satellite-server","product_name":"network_satellite_server","version_start":"5.4.1","version_start_inclusive":true,"version_end":"5.4.1","version_end_inclusive":true,"cpe23_uri":"cpe:2.3:a:redhat:network_satellite_server:5.4.1:*:*:*:*:*:*:*"},{"vendor_slug":"redhat","vendor_name":"RedHat","product_slug":"spacewalk-java","product_name":"spacewalk-java","version_start":"1.2.39","version_start_inclusive":true,"version_end":"1.2.39","version_end_inclusive":true,"cpe23_uri":"cpe:2.3:a:redhat:spacewalk-java:1.2.39:*:*:*:*:*:*:*"}],"exploit_refs":[],"news":[],"references":[{"url":"http://securitytracker.com/id?1025674","source_type":"MISC","tags":[]},{"url":"http://www.redhat.com/support/errata/RHSA-2011-0879.html","source_type":"MISC","tags":[]},{"url":"https://access.redhat.com/security/cve/CVE-2009-4139","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=529483","source_type":"MISC","tags":[]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/68074","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2011-07-27T01:29:00Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-24T00:33:59.263324Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-24T00:33:59.263324Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-24T00:33:59.263324Z","label":"CVSS score revised","source":"cvelistv5"}]}