PT-2018-7174 · Red Hat · Bpm Suite 6+2

Published

2018-07-27

Updated

2019-10-09

CVE-2017-2674

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: JBoss BRMS 6 and BPM Suite 6 versions prior to 6.4.3

Description: The issue is related to a stored XSS flaw in Business Central, specifically due to the lack of sanitation of user input when creating new lists. This allows remote, authenticated attackers with list creation privileges to store scripts in lists, which are then displayed to other users, including administrators, without proper sanitization.

Recommendations: For JBoss BRMS 6 and BPM Suite 6 versions prior to 6.4.3, update to version 6.4.3 or later to resolve the issue.

Fix

RCE

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-79

Related Identifiers

CVE-2017-2674

Affected Products

Bpm Suite 6

Business Central

Jboss Brms 6

PT-2018-7174 · Red Hat · Bpm Suite 6+2

CVE-2017-2674

Weakness Enumeration

Related Identifiers

Affected Products

References · 6