42 matches found
EUVD-2016-7918
Malware in sbrugna...
EUVD-2016-7270
Malware in sbrugna...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.12 security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
CVE-2016-6343
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder usually admins to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
CVE-2016-6343
CVE-2016-6343 affects Red Hat JBoss BPM Suite 6 (dashbuilder). A reflected XSS vulnerability allows an authenticated admin to click a malicious link at /dashbuilder/Controller and execute script code in the user’s browser. The issue relies on dashbuilder’s handling of input in that endpoint; expl...
CVE-2017-2658
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...
Design/Logic Flaw
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...
CVE-2017-2658
The CVE affects Red Hat JBoss BPM Suite <6.4.2 and JBoss Data Virtualization & Services
Dashbuilder: Reflected XSS
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder usually admins to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
Dashbuilder: insecure handling of CSRF token
It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser's history, referrers, web...
Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.7 security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.5 security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Dashbuilder: Reflected XSS
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder usually admins to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
CVE-2016-6343
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder usually admins to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
Moderate: Red Hat Security Advisory: Red Hat JBoss BPM Suite security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
CVE-2016-5398
Cross-site scripting XSS vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes...
Cross site scripting
Cross-site scripting XSS vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes...
CVE-2016-5398
CVE-2016-5398 is a cross-site scripting (XSS) flaw in Red Hat JBoss BPM Suite (and BRMS) 6.x prior to 6.3.3, exploitable by remote authenticated users who can create business processes. The issue stems from an incomplete fix for this CVE, allowing stored scripts to be rendered to other users (inc...