It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
Acknowledgments: Name: Martin Weiler (Red Hat)
This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.4.2 Via RHSA-2017:0557 https://rhn.redhat.com/errata/RHSA-2017-0557.html
This issue has been addressed in the following products: Red Hat JBoss Data Virtualization Via RHSA-2018:2243 https://access.redhat.com/errata/RHSA-2018:2243