Vulnerabilities > Redhat > Jboss BPM Suite > 6.0.3

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2016-6343 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder.
network
low complexity
redhat CWE-79
5.4
5.4
2018-07-27 CVE-2017-2658 Improper Input Validation vulnerability in Redhat products
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests.
network
low complexity
redhat CWE-20
6.5
6.5
2016-08-05 CVE-2016-4999 SQL Injection vulnerability in Redhat products
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
network
low complexity
redhat CWE-89
7.5
7.5