CVE-2017-2658

EPSS 0.32%
Published 27.07.2018 18:29:01
Last modified 21.11.2024 03:23:55
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).

Affected products Warnungen 0 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Bpm Suite Version < 6.4.2

Redhat ≫ Jboss Data Virtualization & Services Version < 6.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.541

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
secalert@redhat.com	2.6	1.2	1.4	CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2017-0557.html

Vendor Advisory

Broken Link

http://www.securityfocus.com/bid/97025

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2018:2243

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-2658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2658

EUVD