Vulnerabilities > Redhat > Jboss BPM Suite > 6.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-31 | CVE-2016-6343 | Unspecified vulnerability in Redhat Jboss BPM Suite JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. | 5.4 |
| 2018-07-27 | CVE-2017-7463 | Cross-site Scripting vulnerability in Redhat Jboss BPM Suite JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. | 6.1 |
| 2018-07-27 | CVE-2017-2674 | Cross-site Scripting vulnerability in Redhat Jboss BPM Suite JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. | 5.4 |
| 2018-07-27 | CVE-2017-2658 | Unspecified vulnerability in Redhat products It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. | 6.5 |
| 2018-07-26 | CVE-2017-7545 | XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. | 6.5 |