Filtered by vendor Redhat Subscriptions
Filtered by product Jboss Data Virtualization Subscriptions

Search

Switch to Advanced Search (Beta)
Total 64 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-2658 1 Redhat 4 Jboss Bpm Suite, Jboss Bpms, Jboss Data Virtualization and 1 more 2024-11-21 N/A
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
CVE-2016-6814 2 Apache, Redhat 7 Groovy, Enterprise Linux, Enterprise Linux Server and 4 more 2024-11-21 N/A
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.
CVE-2016-6343 1 Redhat 3 Jboss Bpm Suite, Jboss Bpms, Jboss Data Virtualization 2024-11-21 N/A
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user.
CVE-2016-5397 2 Apache, Redhat 3 Thrift, Jboss Data Virtualization, Jboss Fuse 2024-11-21 N/A
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.