Red Hat JBoss Business Rules Management System vulnerabilities
3 known vulnerabilities affecting redhat/jboss_business_rules_management_system.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
MEDIUM: 3
Vulnerabilities
CVE-2011-2487 | MEDIUM | CVSS 5.9 | CWE-327 | v5.3 | 2020-03-11
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
Source: NVD
CVE-2010-3857 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 5.1.0 | 2019-11-12
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter.
Source: NVD
CVE-2016-8608 | MEDIUM | CVSS 5.4 | v6.0.0 | 2018-08-01
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via the business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before being shown to other users, including admins.
Source: NVD