CVE-2016-7034 in JBoss BPM Suite

Summary

by MITRE

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

Reserved

23.08.2016

Published

07.09.2016

Moderation

accepted

Entry

VDB-91380

CPE

ready

EPSS

0.00093

KEV

no

Activities

very low

Sources
