Security vulnerability in BPMS due to Cross Frame Scripting (XFS)
Issue
We had given the jbpm product to our security team. They have identified a cross frame scripting vulnerability in the product, as per the following report:
Cross Frame Scripting - version 2
Pages on the application are allowed to be captured within a frame from another server. This can be exploited by attackers by sending a forged link to a user. The link will be to a malicious page with this application captured in a frame. All activity by the user can be monitored and recorded by the attacker allowing the compromise of the username, password, or any other sensitive input the user enters.
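A servlet filter that sets the response headers browsers use to refuse cross-origin framing, added here as an illustration of the mitigation for the class of issue the report describes; it is not code from this article or from Red Hat, and it assumes a Servlet 3.0 container such as JBoss EAP, with illustrative package and class names.

```java
// Added example, not from the Red Hat article: set anti-framing headers on every
// response so another origin cannot embed the application in a frame.
// Assumes a Servlet 3.0+ container; package and class names are illustrative.
package example.security;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

@WebFilter(urlPatterns = "/*")
public class AntiFramingFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) response;
            // Headers must be set before the chain runs, or the response may already be committed.
            // Legacy header honoured by older browsers: permit framing only from the same origin.
            http.setHeader("X-Frame-Options", "SAMEORIGIN");
            // Modern equivalent; where both are present, frame-ancestors takes precedence.
            http.setHeader("Content-Security-Policy", "frame-ancestors 'self'");
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

After deploying the filter, confirm with a plain HTTP request (for example `curl -I` against a login page) that both headers appear on the application's responses.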
Environment
- Red Hat JBoss BPM Suite
- 6.0.x
