CVE-2017-2658
2.6
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | BPMS | 6.4.2 | affected |
| Red Hat | JDV | 6.4.3 | affected |
Weaknesses
- CWE-20: CWE-20
ADP Enrichment
CVE Program Container
Additional References
- http://rhn.redhat.com/errata/RHSA-2017-0557.html
- https://access.redhat.com/errata/RHSA-2018:2243
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658
- http://www.securityfocus.com/bid/97025
References
- http://rhn.redhat.com/errata/RHSA-2017-0557.html
- https://access.redhat.com/errata/RHSA-2018:2243
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658
- http://www.securityfocus.com/bid/97025
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.