CPE-20800183-E92D-4E77-A3C5-4E7678B1FF23 Detail

CPE Details

Red Hat JBoss BPM 6.4

Vendor

redhat

Product

jboss_bpm_suite

Version

6.4

Created

2018-11-01
13h06 +00:00

Modified

2018-11-01
13h06 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:redhat:jboss_bpm_suite:6.4:::::::*

Informations

Vendor

redhat

Product

jboss_bpm_suite

Version

6.4

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2016-6343	2018-10-31 12h00 +00:00	JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.	6.1	Medium
CVE-2017-2658	2018-07-27 16h00 +00:00	It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).	6.5	Medium
CVE-2017-2674	2018-07-27 16h00 +00:00	JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.	6.1	Medium
CVE-2017-7463	2018-07-27 16h00 +00:00	JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.	6.1	Medium
CVE-2017-7545	2018-07-26 13h00 +00:00	It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.	6.5	Medium

Red Hat JBoss BPM 6.4

CPE Details

CPE Name: cpe:2.3:a:redhat:jboss_bpm_suite:6.4:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:redhat:jboss_bpm_suite:6.4:::::::*