4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
68.2%
Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an
integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ,
is a standards compliant messaging system that is tailored for use in
mission critical applications.
Red Hat JBoss Fuse/A-MQ 6.0.0 patch 3 is an update to Red Hat JBoss Fuse
6.0.0 and Red Hat JBoss A-MQ 6.0.0, including bug fixes. Refer to the
readme file included with the patch files for information about these
fixes.
The following security issues are also resolved with this update:
Multiple stored cross-site scripting (XSS) flaws were found in the Fuse
Management Console. A remote attacker could use these flaws to perform an
XSS attack against other users of the Fuse Management Console.
(CVE-2013-4372)
All users of Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0 as
provided from the Red Hat Customer Portal are advised to apply this patch.