Red Hat JBoss BPM Suite 6.4.2

CPE Details

Red Hat JBoss BPM Suite 6.4.2
redhat
jboss_bpm_suite
6.4.2
2018-09-25
14h26 +00:00
2021-05-07
13h01 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:jboss_bpm_suite:6.4.2:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

jboss_bpm_suite

Version

6.4.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2017-2674 2018-07-27 16h00 +00:00 JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins.
6.1
Medium
CVE-2017-7463 2018-07-27 16h00 +00:00 JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.
6.1
Medium