CVE-2017-2658 Information

Feb 14, 2021 cve

Description

It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Reference

http://rhn.redhat.com/errata/RHSA-2017-0557.html http://www.securityfocus.com/bid/97025 https://access.redhat.com/errata/RHSA-2018:2243 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5

Share on: