148 matches found
Input validation
Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...
CVE-2015-7501
Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid JDG 6.x; Data Virtualization JDV 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works FSW 6.x; Operations Network JBoss ON 3.x; Portal 6.x; SOA Platform SOA-P 5.x; Web Server JWS 3.x;...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.4.6 security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.4.5 security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Red Hat JBoss BPM Suite BRMS Tasks List Cross-Site Scripting (CVE-2017-2674)
A cross-site scripting vulnerability exists in Red Hat JBoss BPM Suite and JBoss BRMS. The vulnerability is due to insufficient validation of user supplied input within the Tasks List component of business-central. An authenticated attacker can exploit this vulnerability by creating a malicious...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page...
CVE-2016-5401
Cross-site request forgery CSRF vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page...
CVE-2016-5401
Cross-site request forgery CSRF vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page...
CVE-2016-5401
Cross-site request forgery CSRF vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page...
CVE-2016-5401
CVE-2016-5401 is a CSRF vulnerability in Red Hat JBoss BRMS and BPMS 6. The flaw allows remote attackers to hijack user authentication to perform state-changing requests on the affected application via a crafted web page. Connected sources confirm the affected products are JBoss BRMS/BPMS 6, but ...
CVE-2017-7463
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code with...
CVE-2017-2674
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2016-8608
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before...
Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2016-7033
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers that have privileges to access dashbuilder usually admins can store scripts in several editable fields, which are not properly sanitized before showing to other users, including other admi...