
RedHat Linux (added 2017/03/16 9:09 p.m.)

Dashbuilder: Lack of clickjacking protection on the login page

It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

CVSS 6.5 | AI score 5.9 | EPSS 0.0148
Exploits: 0 | References: 4
RedHat Linux (added 2017/03/16 9:09 p.m.)

Dashbuilder: Reflected XSS

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...

CVSS 6.1 | AI score 6.1 | EPSS 0.0166
Exploits: 0 | References: 4
RedhatCVE (added 2017/03/16 8:18 p.m.)

CVE-2016-6343

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...

CVSS 6.1 | AI score 5.7 | EPSS 0.0166
Exploits: 0 | References: 1
RedhatCVE (added 2017/03/16 6:47 p.m.)

CVE-2017-2658

It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...

CVSS 6.5 | AI score 6.6 | EPSS 0.0148
Exploits: 0 | References: 1
RedHat Linux (added 2017/02/02 8:33 p.m.)

bpms: stored XSS in dashbuilder

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers that have privileges to access dashbuilder (usually admins) can store scripts in several editable fields, which are not properly sanitized before showing to other users, including other admi...

CVSS 6.1 | AI score 5.8 | EPSS 0.01543
Exploits: 0 | References: 4
OSV (added 2016/09/07 6:59 p.m.)

CVE-2016-7034

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by...

CVSS 8.8 | AI score 5.8 | EPSS 0.01126
Exploits: 0 | References: 4
OSV (added 2016/09/07 6:59 p.m.)

CVE-2016-7033

Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 6.1 | AI score 5.9 | EPSS 0.01543
Exploits: 0 | References: 3
Prion (added 2016/09/07 6:59 p.m.)

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6 | EPSS 0.01543
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE (added 2016/09/06 4:48 a.m.)

CVE-2016-7033

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers that have privileges to access dashbuilder (usually admins) can store scripts in several editable fields, which are not properly sanitized before showing to other users, including other admi...

CVSS 6.1 | AI score 5.4 | EPSS 0.01543
Exploits: 0 | References: 1
NVD (added 2016/08/05 3:59 p.m.)

CVE-2016-4999

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2)...

CVSS 9.8 | AI score 9.9 | EPSS 0.03653
Exploits: 0 | References: 6
OSV (added 2016/08/05 3:59 p.m.)

CVE-2016-4999

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2)...

CVSS 9.8 | AI score 9.9
Exploits: 0 | References: 6
Prion (added 2016/08/05 3:59 p.m.)

Sql injection

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2)...

CVSS 7.5 | AI score 8.9 | EPSS 0.03653
Exploits: 0 | References: 6 | Affected Software: 3
CVE (added 2016/08/05 3:00 p.m.)

CVE-2016-4999

CVE-2016-4999 applies to Dashbuilder prior to 0.6.0.Beta1, where a SQL injection flaw exists in getStringParameterSQL (DefaultDialect.java) that can allow remote attackers to execute arbitrary SQL via a data set lookup filter in the Data Set Authoring or Displayer editor UI. Multiple records (NVD...

CVSS 9.8 | AI score 9.9 | EPSS 0.03653
Exploits: 0 | References: 6 | Affected Software: 3
Cvelist (added 2016/08/05 3:00 p.m.)

CVE-2016-4999

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2)...

AI score 9.9 | EPSS 0.03653
Exploits: 0 | References: 6
CNVD (added 2016/07/20 12:00 a.m.)

Red Hat Dashbuilder SQL Injection Vulnerability

Red Hat Dashbuilder is an open source platform for building business dashboards and reports from Red Hat USA. A SQL injection vulnerability exists in Red Hat Dashbuilder, which can be exploited by an attacker to take full control of the program and access or modify data...

CVSS 9.8 | AI score 8.1 | EPSS 0.03653
Exploits: 0 | References: 1
RedhatCVE (added 2016/07/14 8:59 p.m.)

CVE-2016-4999

A security flaw was found in the way Dashbuilder performed SQL dataset lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via a specially crafted string filter parameter...

CVSS 9.8 | AI score 2.7 | EPSS 0.03653
Exploits: 0 | References: 1
RedHat Linux (added 2016/07/14 5:54 p.m.)

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.3.1 security and bug fix update

An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9.8 | AI score 7.4 | EPSS 0.03653
Exploits: 0 | References: 3
RedHat Linux (added 2016/07/14 5:54 p.m.)

Dashbuilder: SQL Injection on data set lookup filters

A security flaw was found in the way Dashbuilder performed SQL dataset lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via a specially crafted string filter parameter...

CVSS 9.8 | AI score 5.8 | EPSS 0.03653
Exploits: 0 | References: 4
RedHat Linux (added 2016/07/14 5:54 p.m.)

Dashbuilder: SQL Injection on data set lookup filters

A security flaw was found in the way Dashbuilder performed SQL dataset lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via a specially crafted string filter parameter...

CVSS 9.8 | AI score 5.8 | EPSS 0.03653
Exploits: 0 | References: 4
RedHat Linux (added 2015/09/02 4:28 p.m.)

Moderate: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.1.0 security update

Red Hat JBoss Data Virtualization 6.1.0 2015 roll up patch 3, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base scor...

CVSS 7.5 | AI score 5.7 | EPSS 0.02244
Exploits: 0 | References: 3