43 matches found
Dashbuilder: Lack of clickjacking protection on the login page
It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...
Dashbuilder: Reflected XSS
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder usually admins to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
CVE-2016-6343
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder usually admins to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
CVE-2017-2658
It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console clickjacking...
bpms: stored XSS in dashbuilder
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers that have privileges to access dashbuilder usually admins can store scripts in several editable fields, which are not properly sanitized before showing to other users, including other admi...
CVE-2016-7034
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to 1 bypass CSRF protection mechanisms or 2 conduct cross-site request forgery CSRF attacks by...
CVE-2016-7033
Multiple cross-site scripting XSS vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-7033
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers that have privileges to access dashbuilder usually admins can store scripts in several editable fields, which are not properly sanitized before showing to other users, including other admi...
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...
Sql injection
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...
CVE-2016-4999
CVE-2016-4999 applies to Dashbuilder prior to 0.6.0.Beta1, where a SQL injection flaw exists in getStringParameterSQL (DefaultDialect.java) that can allow remote attackers to execute arbitrary SQL via a data set lookup filter in the Data Set Authoring or Displayer editor UI. Multiple records (NVD...
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...
Red Hat Dashbuilder SQL Injection Vulnerability
Red Hat Dashbuilder is an open source platform for building business dashboards and reports from Red Hat USA. A SQL injection vulnerability exists in Red Hat Dashbuilder, which can be exploited by an attacker to take full control of the program and access or modify data...
CVE-2016-4999
A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.3.1 security and bug fix update
An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Dashbuilder: SQL Injection on data set lookup filters
A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...
Dashbuilder: SQL Injection on data set lookup filters
A security flaw was found in the way Dashbuilder performed SQL datasets lookup requests in the Data Set Authoring UI or the Displayer editor UI. A remote attacker could use this flaw to conduct SQL injection attacks via specially-crafted string filter parameter...
Moderate: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.1.0 security update
Red Hat JBoss Data Virtualization 6.1.0 2015 roll up patch 3, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base scor...