CVE-2017-2658

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss BPM Suite versions prior to 6.4.2 Red Hat JBoss Data Virtualization & Services versions prior to 6.4.3

Description: A security issue was found in the Dashbuilder login page, which could be opened in an IFRAME. This allowed for the interception and manipulation of requests, making it possible for an attacker to trick a user into performing arbitrary actions in the Console through clickjacking.

Recommendations: For Red Hat JBoss BPM Suite versions prior to 6.4.2, update to version 6.4.2 or later to resolve the issue. For Red Hat JBoss Data Virtualization & Services versions prior to 6.4.3, update to version 6.4.3 or later to resolve the issue.