It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| redhat | jboss_bpm_suite | 6.4.2 | - |
| redhat | jboss_data_virtualization_&_services | 6.4.3 | - |
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products: 2
References: 8