Redhat Jboss_bpm_suite
9 CVEs affecting Redhat Jboss_bpm_suite. Latest disclosed: 2017-11-09. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-7501 | Critical | 9.8 | 2017-11-09 | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x… |
CVE-2016-4999 | Critical | 9.8 | 2016-08-05 | SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before… |
CVE-2016-5401 | High | 8.8 | 2017-04-20 | Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests tha… |
CVE-2016-7034 | High | 8.8 | 2016-09-07 | The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, wh… |
CVE-2016-7033 | Medium | 6.1 | 2016-09-07 | Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitra… |
CVE-2016-5398 | Medium | 5.4 | 2016-10-03 | Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitra… |
CVE-2016-6344 | Medium | 5.3 | 2016-09-07 | Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for remote attackers to obta… |
CVE-2015-1818 | | 2015-08-11 | XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss… | |
CVE-2013-6468 | | 2014-04-10 | JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a… |