Back to bug 1371801
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jeremy Choi | 2016-08-31 07:10:59 UTC | CC | security-response-team | |
| Jeremy Choi | 2016-08-31 07:43:17 UTC | Summary | EMBARGOED CVE-2016-6343 JBoss bpms 6.3.2 reflected XSS in dashbuilder | EMBARGOED CVE-2016-6343 JBoss bpms 6.3.x reflected XSS in dashbuilder |
| Pavel Polischouk | 2016-08-31 21:46:57 UTC | Blocks | 1372094 | |
| Jeremy Choi | 2016-09-01 01:46:14 UTC | Blocks | 1372135 | |
| Jeremy Choi | 2016-09-02 05:44:10 UTC | Whiteboard | impact=moderate,public=no,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=79,bpms-6/dashbuilder=affected | impact=moderate,public=no,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected |
| Pavel Polischouk | 2016-10-18 20:06:34 UTC | Whiteboard | impact=moderate,public=no,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected | impact=moderate,public=no,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=affected |
| Pavel Polischouk | 2016-10-18 20:06:38 UTC | CC | etirelli, kverlaen | |
| Pavel Polischouk | 2016-12-15 16:10:11 UTC | Whiteboard | impact=moderate,public=no,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=affected | impact=moderate,public=no,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=notaffected |
| Pavel Polischouk | 2016-12-29 21:30:27 UTC | CC | dgutierr | |
| Pavel Polischouk | 2017-03-01 22:53:03 UTC | Doc Text | JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Pavel Polischouk | 2017-03-06 20:02:03 UTC | Blocks | 1429673 | |
| Pavel Polischouk | 2017-03-16 20:02:12 UTC | Whiteboard | impact=moderate,public=no,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=notaffected | impact=moderate,public=20170316,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=notaffected |
| Pavel Polischouk | 2017-03-16 20:02:17 UTC | Summary | EMBARGOED CVE-2016-6343 JBoss bpms 6.3.x reflected XSS in dashbuilder | CVE-2016-6343 JBoss bpms 6.3.x reflected XSS in dashbuilder |
| Pavel Polischouk | 2017-03-16 20:02:22 UTC | Group | security, qe_staff | |
| Pavel Polischouk | 2017-03-16 21:29:19 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-03-16 17:29:19 UTC | |||
| Pavel Polischouk | 2017-07-11 18:16:24 UTC | Status | CLOSED | NEW |
| Resolution | ERRATA | --- | ||
| Keywords | Reopened | |||
| Pavel Polischouk | 2017-07-11 18:28:12 UTC | CC | felias, hchiorea, jolee, vhalbert | |
| Whiteboard | impact=moderate,public=20170316,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=notaffected | impact=moderate,public=20170316,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=notaffected,jdv-6/dashbuilder=affected | ||
| Pavel Polischouk | 2017-07-11 18:28:59 UTC | Summary | CVE-2016-6343 JBoss bpms 6.3.x reflected XSS in dashbuilder | CVE-2016-6343 Reflected XSS in dashbuilder |
| Pavel Polischouk | 2017-07-11 18:30:02 UTC | Summary | CVE-2016-6343 Reflected XSS in dashbuilder | CVE-2016-6343 Dashbuilder: Reflected XSS |
| Pavel Polischouk | 2017-07-11 18:31:02 UTC | Depends On | 1469739, 1469738 | |
| Pavel Polischouk | 2017-12-05 22:31:07 UTC | Blocks | 1521173 | |
| PnT Account Manager | 2017-12-07 23:57:53 UTC | CC | felias | |
| PnT Account Manager | 2018-01-30 20:39:33 UTC | CC | hchiorea | |
| PnT Account Manager | 2018-05-10 18:17:20 UTC | CC | pavelp | |
| Chess Hazlett | 2018-08-07 15:16:48 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-03-16 17:29:19 UTC | 2018-08-07 11:16:48 UTC | ||
| Product Security DevOps Team | 2019-09-29 13:55:15 UTC | Whiteboard | impact=moderate,public=20170316,reported=20160831,source=redhat,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N,cwe=CWE-79,bpms-6/dashbuilder=affected,brms-6/dashbuilder=notaffected,jdv-6/dashbuilder=affected |
Back to bug 1371801