CVE-2017-2658
Published 2018-07-27
Medium, 6.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | bpms | — | — |
| red_hat | jdv | — | — |
| redhat | jboss_bpm_suite | < 6.4.2 | 6.4.2 |
| redhat | jboss_data_virtualization_services | < 6.4.3 | 6.4.3 |