Vulnerabilities > Redhat > Jboss BPM Suite > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-20 | CVE-2016-5401 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite and Jboss Enterprise Brms Platform Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page. | 8.8 |
2016-09-07 | CVE-2016-7034 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite 6.3.2 The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. | 8.8 |