It exists that the Dashbuilder login page as used in Red Hat JBoss BPM Suite prior to 6.4.2 and Red Hat JBoss Data Virtualization & Services prior to 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jboss data virtualization \\& services |
||
redhat jboss bpm suite |