Vulnerabilities (CVE)

Filtered by vendor Redhat
Filtered by product Jboss Business Rules Management System
Total 3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2016-8608 | 1 Redhat | 2 Jboss Bpm Suite, Jboss Business Rules Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via the business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers who have privileges to create business processes can store scripts in them, which are not properly sanitized before being shown to other users, including admins.
CVE-2011-2487 | 2 Apache, Redhat | 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
CVE-2010-3857 | 1 Redhat | 1 Jboss Business Rules Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter.