Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat JBoss BPMS 跨站请求伪造漏洞
Vulnerability Description
Red Hat JBoss BPM Suite是美国红帽(Red Hat)公司的一套集合了JBoss BRMS所有功能的业务流程管理平台。该平台可为建模、自动化、模拟化和业务流程监控提供额外支持。dashbuilder是其中的一个用于建立业务仪表板和报告的模块。 Red Hat JBoss BPMS 6.3.2版本中的dashbuilder中存在安全漏洞,该漏洞源于程序没有正确处理CSRF令牌生成。远程攻击者可通过获取旧令牌利用该漏洞绕过CSRF保护机制,或实施跨站请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A