Jboss Bpm Suite Security Vulnerabilities and Issues — Jboss Bpm Suite CVE List

Lucene search

RedhatJboss Bpm Suite

2 matches found

CVE•added 2017/04/20 9:59 p.m.•39 views

CVE-2016-5401

Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.

8.8CVSS8.8AI score0.0013EPSS

CVE•added 2016/09/07 6:59 p.m.•36 views

CVE-2016-7034

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by o...

8.8CVSS8.9AI score0.00045EPSS