Vulnerabilities > Redhat > Jboss BPM Suite > 6.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-31 | CVE-2016-6343 | Unspecified vulnerability in Redhat Jboss BPM Suite JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. | 5.4 |
| 2018-08-01 | CVE-2016-8608 | Unspecified vulnerability in Redhat products JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. | 5.4 |
| 2018-07-27 | CVE-2017-7463 | Cross-site Scripting vulnerability in Redhat Jboss BPM Suite JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. | 6.1 |
| 2018-07-27 | CVE-2017-2674 | Cross-site Scripting vulnerability in Redhat Jboss BPM Suite JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. | 5.4 |
| 2018-07-27 | CVE-2017-2658 | Unspecified vulnerability in Redhat products It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. | 6.5 |
| 2017-11-09 | CVE-2015-7501 | Deserialization of Untrusted Data vulnerability in Redhat products Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2017-04-20 | CVE-2016-5401 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite and Jboss Enterprise Brms Platform Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. | 8.8 |
| 2016-10-03 | CVE-2016-5398 | Cross-site Scripting vulnerability in Redhat Jboss BPM Suite Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes. | 5.4 |
| 2016-08-05 | CVE-2016-4999 | SQL Injection vulnerability in Redhat products SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | 9.8 |