Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-7034

Опубликовано: 07 сент. 2016
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:jboss_bpm_suite:6.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 14%
0.00045
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVSS3: 4.2
redhat
почти 9 лет назад

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

CVSS3: 8.8
github
больше 3 лет назад

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

EPSS

Процентиль: 14%
0.00045
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352