Jboss Bpm Suite Security Vulnerabilities and Issues — Jboss Bpm Suite CVE List

Lucene search

RedhatJboss Bpm Suite

3 matches found

CVE•added 2016/09/07 6:59 p.m.•46 views

CVE-2016-6344

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.

5.3CVSS5.9AI score0.00458EPSS

CVE•added 2016/09/07 6:59 p.m.•39 views

CVE-2016-7033

Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS6AI score0.00347EPSS

CVE•added 2016/09/07 6:59 p.m.•36 views

CVE-2016-7034

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by o...

8.8CVSS8.9AI score0.00045EPSS