Reflected XSS Vulnerability in JBoss BRMS and BPM Suite by Red Hat
CVE-2017-7463

6.1MEDIUM

Key Information:

Vendor
Red Hat
Status
Business-central
Vendor
CVE Published:
27 July 2018

Summary

JBoss BRMS and BPM Suite versions prior to 6.4.3 are susceptible to reflected Cross-Site Scripting (XSS) due to a flaw in the artifact upload functionality. When a malformed XML file is uploaded, the application fails to properly sanitize error messages, echoing parts of the submitted XML code back to the user. This lack of filtering allows attackers to embed malicious scripts, which can be executed in the context of the affected user's session, potentially leading to unauthorized actions and data breaches.

Affected Version(s)

business-central 6.4.3

References

https://access.redhat.com/errata/RHSA-2017:1217
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1218
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/98385
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.