It was found that a flaw in hawtio could cause remote code execution via file upload. An attacker could use this vulnerability to upload crafted file which could be executed on target machine where hawtio is deployed.
Acknowledgments: Name: Hooman Broujerdi (Red Hat)
This issue has been addressed in the following products: Red Hat JBoss Fuse Via RHSA-2018:0319 https://access.redhat.com/errata/RHSA-2018:0319
This vulnerability is out of security support scope for the following products: * Red Hat JBoss Fuse 6 * Red Hat JBoss A-MQ 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.