The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-09-07T18:00:00
Updated: 2024-08-06T01:50:46.810Z
Reserved: 2016-08-23T00:00:00
Link: CVE-2016-7034
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-09-07T18:59:07.750
Modified: 2024-11-21T02:57:19.447
Link: CVE-2016-7034
Redhat