CVE-2017-7463

6.1MEDIUM

Key Information:

Vendor
Red Hat
Status
Business-central
Vendor
CVE Published:
27 July 2018

Summary

JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.

Affected Version(s)

business-central 6.4.3

References

https://access.redhat.com/errata/RHSA-2017:1217
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1218
vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/98385
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.