CVE-2018-19362

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jb

9.8CRITICAL

CVE-2018-19361

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the op

9.8CRITICAL

CVE-2018-19360

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax

9.8CRITICAL

CVE-2016-6343

>= 6.0.0 and < 6.4.2

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have priv

6.1MEDIUM

CVE-2016-8608

all versions

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for

5.4MEDIUM

CVE-2017-7463

>= 6.0.0 and < 6.4.3

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded

6.1MEDIUM

CVE-2017-2674

>= 6.0.0 and < 6.4.3

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to

6.1MEDIUM

CVE-2017-2658

< 6.4.2

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualiz

2.6LOW

CVE-2017-7545

all versions

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XM

6.5MEDIUM

CVE-2015-7501

all versions

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp

9.8CRITICAL

CVE-2016-5401

all versions

Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authenticat

8.8HIGH

CVE-2016-5398

<= 6.3.2

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenti

5.4MEDIUM

CVE-2016-7034

all versions

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and inclu

8.8HIGH

CVE-2016-7033

all versions

Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remot

6.1MEDIUM

CVE-2016-6344

all versions

Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a Set-Cookie header for session cookies, which makes it easier

5.3MEDIUM

CVE-2016-4999

all versions

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDiale

9.8CRITICAL

CVE-2015-1818

<= 6.1.0

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportM

CVE-2013-6468

all versions

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execu