Vulnerabilities > Redhat > Jboss BPM Suite > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-31 CVE-2016-6343 Unspecified vulnerability in Redhat Jboss BPM Suite
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder.
network
low complexity
redhat
5.4
2018-08-01 CVE-2016-8608 Unspecified vulnerability in Redhat products
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor.
network
low complexity
redhat
5.4
2018-07-27 CVE-2017-7463 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload.
network
low complexity
redhat CWE-79
6.1
2018-07-27 CVE-2017-2674 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central.
network
low complexity
redhat CWE-79
5.4
2018-07-27 CVE-2017-2658 Unspecified vulnerability in Redhat products
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests.
network
low complexity
redhat
6.5
2018-07-26 CVE-2017-7545 XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files.
network
low complexity
redhat CWE-611
6.5
2016-10-03 CVE-2016-5398 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
network
low complexity
redhat CWE-79
5.4
2016-09-07 CVE-2016-7033 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite 6.3.2
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1
2016-09-07 CVE-2016-6344 Information Exposure vulnerability in Redhat Jboss BPM Suite 6.3
Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies.
network
low complexity
redhat CWE-200
5.3