Bug 1439823 (CVE-2017-7463)
| Summary: | CVE-2017-7463 business-central: Reflected XSS in artifact upload error message | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | alazarot, etirelli, jcoleman, kverlaen, lpetrovi, mbaluch, mwinkler, nwallace, pavelp, rrajasek, rzhang, tkirby |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | BPMS 6.4.3, BRMS 6.4.3 | Doc Type: | Bug Fix |
| Doc Text: |
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-05-10 00:30:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1438631, 1439826, 1447756 | ||
|
Description
Adam Mariš
2017-04-06 15:11:51 UTC
Acknowledgments: Name: Chris Hebert, Vikas Pandey, Harold Schliesske, Ryan Stanley (Noblis) This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.4.3 Via RHSA-2017:1218 https://access.redhat.com/errata/RHSA-2017:1218 This issue has been addressed in the following products: Red Hat JBoss BRMS 6.4.3 Via RHSA-2017:1217 https://access.redhat.com/errata/RHSA-2017:1217 |