EPSS: 0.002 (Low), Percentile: 64.8%
It was discovered that JBoss BRMS 6 and BPM Suite 6 do not set the HttpOnly flag on sensitive cookies. Remote attackers can access these cookies using client-side scripts, usually through XSS.
bugzilla.redhat.com/show_bug.cgi?id=1371807