It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking).
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2017-0557.html | Broken Link Vendor Advisory |
http://www.securityfocus.com/bid/97025 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2018:2243 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2658 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-07-27T18:00:00
Updated: 2018-07-28T09:57:01
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2658
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-27T18:29:01.187
Modified: 2023-02-12T23:29:39.463
Link: CVE-2017-2658
JSON object: View
Redhat Information
No data.
CWE