Vulnerabilities > Redhat > Jboss BPM Suite > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-04-20 | CVE-2016-5401 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite and Jboss Enterprise Brms Platform | 8.8
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.
network, low complexity, redhat, CWE-352

2016-09-07 | CVE-2016-7034 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss BPM Suite 6.3.2 | 8.8
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
network, low complexity, redhat, CWE-352