Stored XSS Vulnerability in JBoss BRMS and BPM Suite by Red Hat
CVE-2017-2674

6.1MEDIUM

Key Information:

Vendor

Red Hat
Status
Business-central
Vendor
CVE Published:
27 July 2018

What is CVE-2017-2674?

JBoss BRMS 6 and BPM Suite 6 prior to version 6.4.3 contain a vulnerability that allows remote authenticated attackers to inject malicious scripts through improperly sanitized user inputs when creating new lists in Business Central. This flaw can lead to the execution of the stored scripts when other users, including administrators, view these lists, posing significant security risks.

Affected Version(s)

business-central 6.4.3

References

https://access.redhat.com/errata/RHSA-2017:1217
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1218
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2674
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.