CVE-2016-7034 – Dashbuilder: insecure handling of CSRF token
https://notcve.org/view.php?id=CVE-2016-7034
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes it easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

It has been reported that CSRF tokens are not properly handled in JBoss BPM Suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in the query string, so they can be exposed through the browser's history, referrers, web logs, and other sources.

• http://rhn.redhat.com/errata/RHSA-2017-0557.html
• http://www.securityfocus.com/bid/92760
• https://access.redhat.com/errata/RHSA-2018:0296
• https://bugzilla.redhat.com/show_bug.cgi?id=1373347
• https://access.redhat.com/security/cve/CVE-2016-7034
• CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2016-7033 – bpms: stored XSS in dashbuilder
https://notcve.org/view.php?id=CVE-2016-7033
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers who have privileges to access dashbuilder (usually admins) can store scripts in several editable fields, which are not properly sanitized before being shown to other users, including other admins.

• http://rhn.redhat.com/errata/RHSA-2017-0249.html
• http://www.securityfocus.com/bid/92762
• https://bugzilla.redhat.com/show_bug.cgi?id=1373344
• https://access.redhat.com/security/cve/CVE-2016-7033
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')