CPE-5A9BA29B-7B49-4D04-92A0-A8DFD12D97E2 Detail

CPE Details

Red Hat JBoss BPM Suite 6.3.2

Vendor

redhat

Product

jboss_bpm_suite

Version

6.3.2

Created

2016-09-12
16h25 +00:00

Modified

2016-09-12
16h25 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:redhat:jboss_bpm_suite:6.3.2:::::::*

Informations

Vendor

redhat

Product

jboss_bpm_suite

Version

6.3.2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2016-6343	2018-10-31 12h00 +00:00	JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.	6.1	Medium
CVE-2017-2658	2018-07-27 16h00 +00:00	It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).	6.5	Medium
CVE-2017-2674	2018-07-27 16h00 +00:00	JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.	6.1	Medium
CVE-2017-7463	2018-07-27 16h00 +00:00	JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.	6.1	Medium
CVE-2016-5398	2016-10-03 16h00 +00:00	Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.	5.4	Medium
CVE-2016-7033	2016-09-07 16h00 +00:00	Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.	6.1	Medium
CVE-2016-7034	2016-09-07 16h00 +00:00	The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.	8.8	High

Red Hat JBoss BPM Suite 6.3.2

CPE Details

CPE Name: cpe:2.3:a:redhat:jboss_bpm_suite:6.3.2:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:redhat:jboss_bpm_suite:6.3.2:::::::*