CVE-2016-7034 in JBoss BPM Suite정보

요약

\~에 의해 MITRE

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2016. 08. 23.

공개

2016. 09. 07.

모더레이션

수락

항목

VDB-91380

CPE

준비됨

CWE

CWE-352 (확인됨)

CVSS

8.8 (NVD)

EPSS

0.00093

KEV

아니요

활동

매우 낮음

부문

Hospital, Telecommunication, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-7034
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-7034
CVE Details	https://www.cvedetails.com/cve/CVE-2016-7034/

◂ 이전 개요 다음 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!