Security vulnerability in BPMS due to Cross Frame Scripting (XFS)
Issue
We had given the jBPM product to our security team. They have identified a cross frame scripting vulnerability in the product, as per the following report:
Cross Frame Scripting - version 2
Pages on the application are allowed to be captured within a frame from another server. This can be exploited by attackers by sending a forged link to a user. The link will be to a malicious page with this application captured in a frame. All activity by the user can be monitored and recorded by the attacker allowing the compromise of the username, password, or any other sensitive input the user enters.
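The finding above is the classic framing (clickjacking / XFS) condition: the server sends nothing that tells the browser to refuse embedding the page in a frame on another origin. The article itself does not show the product's fix, so the following is an added example, not code from Red Hat, jBPM or BPM Suite: a small WSGI middleware that attaches the two standard anti-framing headers (`X-Frame-Options: DENY` and `Content-Security-Policy: frame-ancestors 'none'`), together with a checker that inspects a response's headers and reports whether a page from a foreign origin could still frame it. The demo application and the sample header sets are constructed for the example.

```python
"""Added example (not from the Red Hat article or the jBPM/BPM Suite code):
anti-framing response headers plus a checker for the XFS condition.
The demo WSGI app and the sample headers below are constructed."""

from typing import Callable, Dict, Iterable, List, Optional, Tuple

# X-Frame-Options is the legacy mechanism; the CSP frame-ancestors directive is
# the modern one and takes precedence in browsers that support both.
ANTI_FRAMING_HEADERS: List[Tuple[str, str]] = [
    ("X-Frame-Options", "DENY"),
    ("Content-Security-Policy", "frame-ancestors 'none'"),
]


def frame_ancestors_directive(csp: str) -> Optional[str]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return " ".join(parts[1:])
    return None


def frameable_by_other_origin(headers: Dict[str, str]) -> bool:
    """True when nothing in the response headers stops a page on another
    origin from embedding this response in a frame (the condition reported
    by the scanner). Header names are compared case-insensitively."""
    lower = {name.lower(): value for name, value in headers.items()}

    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = frame_ancestors_directive(csp)
        if sources is not None:
            # A wildcard or a bare scheme source admits every host; anything
            # else ('none', 'self', explicit origins) is a deliberate restriction.
            tokens = sources.lower().split()
            return any(t in ("*", "http:", "https:") for t in tokens)

    xfo = lower.get("x-frame-options", "").strip().upper()
    # DENY and SAMEORIGIN both exclude foreign origins. Anything else, including
    # the deprecated ALLOW-FROM, is ignored by current browsers, so the page
    # remains frameable from elsewhere.
    return xfo not in ("DENY", "SAMEORIGIN")


def add_anti_framing_headers(app: Callable) -> Callable:
    """WSGI middleware that appends the anti-framing headers to every response
    unless the application already set a header of the same name."""

    def wrapped(environ, start_response):
        def guarded_start_response(status, headers, exc_info=None):
            present = {name.lower() for name, _ in headers}
            extra = [(n, v) for n, v in ANTI_FRAMING_HEADERS if n.lower() not in present]
            return start_response(status, list(headers) + extra, exc_info)

        return app(environ, guarded_start_response)

    return wrapped


def demo_app(environ, start_response) -> Iterable[bytes]:
    """Constructed stand-in for an unprotected login page."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<html><body><form>login form</form></body></html>"]


def response_headers(app: Callable) -> Dict[str, str]:
    """Run a WSGI app once for GET / and capture the headers it emits."""
    captured: Dict[str, str] = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)
        return lambda data: None

    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response))
    return captured


if __name__ == "__main__":
    print("unprotected:", frameable_by_other_origin(response_headers(demo_app)))
    print("protected:  ", frameable_by_other_origin(
        response_headers(add_anti_framing_headers(demo_app))))
```

The checker mirrors browser behaviour: when a CSP `frame-ancestors` directive is present it decides the outcome and `X-Frame-Options` is ignored, and an invalid or deprecated `X-Frame-Options` value offers no protection. Running the checker against a real response from the deployment (for example, the headers of the login page) is the quickest way to confirm whether the condition in the report still holds after a fix.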
Environment
- Red Hat JBoss BPM Suite
- 6.0.x