PT-2018-7163 · Red Hat · Red Hat Jboss Data Virtualization & Services+1
Pavel Polischouk
·
Published
2018-07-27
·
Updated
2023-02-12
·
CVE-2017-2658
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Red Hat JBoss BPM Suite versions prior to 6.4.2
Red Hat JBoss Data Virtualization & Services versions prior to 6.4.3
Description:
A security issue was found in the Dashbuilder login page, which could be opened in an IFRAME. This allowed for the interception and manipulation of requests, making it possible for an attacker to trick a user into performing arbitrary actions in the Console through clickjacking.
Recommendations:
For Red Hat JBoss BPM Suite versions prior to 6.4.2, update to version 6.4.2 or later to resolve the issue.
For Red Hat JBoss Data Virtualization & Services versions prior to 6.4.3, update to version 6.4.3 or later to resolve the issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Jboss Bpm Suite
Red Hat Jboss Data Virtualization & Services