It was found that JBoss A-MQ's Jolokia API does not have token or referrer checks, and could possibly allow a cross-site request forgery (CSRF) attack An attacker could use this vulnerability to run application code with the same permissions as an authenticated user ...