Red Hat Bugzilla – Bug 1357731
CVE-2016-5401 JBoss BPMS: CSRF in business-central
Last modified: 2016-12-13 14:29:34 EST
There is no CSRF token implemented in business-central, so a CSRF attack is possible. Attackers are able to cause unwanted modification of the target's instance by leading trusted users to a specially crafted web page.
Name: Jeremy Choi (Red Hat Product Security Team)