Vulnerabilities > CVE-2017-2658 - Unspecified vulnerability in Redhat products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
Vulnerable Configurations
Redhat
advisories |
|
References
- http://rhn.redhat.com/errata/RHSA-2017-0557.html
- http://rhn.redhat.com/errata/RHSA-2017-0557.html
- http://www.securityfocus.com/bid/97025
- http://www.securityfocus.com/bid/97025
- https://access.redhat.com/errata/RHSA-2018:2243
- https://access.redhat.com/errata/RHSA-2018:2243
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658