CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile
59.1%
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
[
{
"product": "BPMS",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "6.4.2"
}
]
},
{
"product": "JDV",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "6.4.3"
}
]
}
]