Vulnerabilities > Redhat > Jboss BPM Suite

DATE CVE VULNERABILITY TITLE RISK
2019-01-02 CVE-2018-19362 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-19361 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2019-01-02 CVE-2018-19360 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat CWE-502
critical
9.8
2018-10-31 CVE-2016-6343 Unspecified vulnerability in Redhat Jboss BPM Suite
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder.
network
low complexity
redhat
5.4
2018-08-01 CVE-2016-8608 Unspecified vulnerability in Redhat products
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor.
network
low complexity
redhat
5.4
2018-07-27 CVE-2017-7463 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload.
network
low complexity
redhat CWE-79
6.1
2018-07-27 CVE-2017-2674 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central.
network
low complexity
redhat CWE-79
5.4
2018-07-27 CVE-2017-2658 Unspecified vulnerability in Redhat products
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests.
network
low complexity
redhat
6.5
2018-07-26 CVE-2017-7545 XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files.
network
low complexity
redhat CWE-611
6.5
2017-11-09 CVE-2015-7501 Deserialization of Untrusted Data vulnerability in Redhat products
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
network
low complexity
redhat CWE-502
critical
9.8