Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.
6.5CVSS
6.4AI Score
0.002EPSS
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showi...
5.4CVSS
5.4AI Score
0.001EPSS