Red Hat Bugzilla – Bug 1357731
CVE-2016-5401 JBoss BPMS: CSRF in business-central
Last modified: 2018-02-15 10:56:40 EST
There is no CSRF token implemented in business-central, so a CSRF attack is possible. Attackers are able to cause unwanted modification of the target's instance by leading trusted users to a specially crafted web page.
Name: Jeremy Choi (Red Hat Product Security Team)