Back to bug 1371807

Who When What Removed Added
Pavel Polischouk 2016-08-31 21:48:45 UTC Blocks 1372095
Jeremy Choi 2016-09-01 01:46:20 UTC Blocks 1372135
Andrej Nemec 2016-09-01 06:28:00 UTC CC anemec
Whiteboard impact=low,public=20160831,reported=20160831,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N,cwe=20,bpms-6/dashbuilder=affected impact=low,public=20160831,reported=20160831,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N,cwe=CWE-20,bpms-6/dashbuilder=affected
Pavel Polischouk 2016-10-18 20:05:49 UTC Whiteboard impact=low,public=20160831,reported=20160831,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N,cwe=CWE-20,bpms-6/dashbuilder=affected impact=low,public=20160831,reported=20160831,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N,cwe=CWE-20,bpms-6/dashbuilder=affected,brms-6/dashbuilder=affected
Pavel Polischouk 2016-10-18 20:05:56 UTC CC etirelli, kverlaen
Pavel Polischouk 2017-01-12 22:43:59 UTC Doc Text It was discovered that JBoss BRMS 6 and BPM Suite 6 are not setting HttpOnly flags on sensitive cookies. Remote attackers can access these cookies by using client-side scripts, usually through XSS.
Doc Type If docs needed, set a value Bug Fix
Pavel Polischouk 2017-01-12 22:59:38 UTC Blocks 1412839
Pavel Polischouk 2017-02-06 19:42:06 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2017-02-06 14:42:06 UTC
Product Security DevOps Team 2019-09-29 13:55:15 UTC Whiteboard impact=low,public=20160831,reported=20160831,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,cvss3=4.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N,cwe=CWE-20,bpms-6/dashbuilder=affected,brms-6/dashbuilder=affected

Back to bug 1371807