The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-09-07T18:00:00

Updated: 2024-08-06T01:50:46.810Z

Reserved: 2016-08-23T00:00:00

Link: CVE-2016-7034

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-09-07T18:59:07.750

Modified: 2024-11-21T02:57:19.447

Link: CVE-2016-7034

cve-icon Redhat

Severity : Moderate

Publid Date: 2016-09-06T00:00:00Z

Links: CVE-2016-7034 - Bugzilla