CVE-2017-2658

EPSS 0.32%
Veröffentlicht 27.07.2018 18:29:01
Zuletzt bearbeitet 21.11.2024 03:23:55
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss Bpm Suite Version < 6.4.2

Redhat ≫ Jboss Data Virtualization & Services Version < 6.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.541

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
secalert@redhat.com	2.6	1.2	1.4	CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2017-0557.html

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/97025

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2018:2243

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-2658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2658

EUVD