Redhat Jboss Bpm Suite — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Jboss Bpm Suite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2018-19362 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the…
CVE-2018-19360 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the…
CVE-2015-7501 — CVSS 9.8 (critical): Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise…
CVE-2016-4999 — CVSS 9.8 (critical): SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java…
CVE-2018-19361 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa…
CVE-2016-7034 — CVSS 8.8 (high): The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them…
CVE-2016-5401 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of…
CVE-2015-1818 — CVSS 7.5 (high): XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl…
CVE-2017-7545 — CVSS 6.5 (medium): It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files…
CVE-2013-6468 — CVSS 6.5 (medium): JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute…
CVE-2017-2674 — CVSS 6.1 (medium): JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of…
CVE-2016-7033 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote…
CVE-2017-7463 — CVSS 6.1 (medium): JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes…
CVE-2016-6343 — CVSS 6.1 (medium): JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to…
CVE-2016-8608 — CVSS 5.4 (medium): JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for…
CVE-2016-5398 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated…
CVE-2016-6344 — CVSS 5.3 (medium): Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier for…
CVE-2017-2658 — CVSS 2.6 (low): It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization &…