Learn about CVE-2017-2674, a vulnerability in JBoss BRMS and BPM Suite allowing stored XSS attacks through Business Central lists. Find mitigation steps and update information.
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to stored cross-site scripting (XSS) attacks through various lists in Business Central. This weakness allows authenticated attackers with specific permissions to inject scripts into lists, which are displayed unsanitized to other users, including administrators.
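The pattern described above, a stored value written into a list view without output encoding, is shown here next to its encoded form. This is an added illustration and not Business Central code; the function names, the entry fields (name, owner) and the sample entries are all assumptions constructed for the example.

```javascript
// Added illustration of stored XSS in a list view. Not Business Central code:
// every name and the sample data below are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a stored value so it is safe in both element content and
// double-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored fields are concatenated into markup as-is,
// so whatever one user saved becomes markup in every other user's view.
function renderListUnsafe(entries) {
  return '<ul>' +
    entries.map((e) => `<li title="${e.owner}">${e.name}</li>`).join('') +
    '</ul>';
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderListSafe(entries) {
  return '<ul>' +
    entries.map((e) => `<li title="${escapeHtml(e.owner)}">${escapeHtml(e.name)}</li>`).join('') +
    '</ul>';
}

// Regression check: true only if the rendered markup contains nothing but
// the tags and the single attribute that the template itself emits.
function onlyTemplateTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.every((t) => /^<\/?(ul|li)(\s+title="[^"<>]*")?>$/.test(t));
}

// Constructed sample: entries as they might sit in storage after being
// saved by different authenticated users.
const storedEntries = [
  { name: 'Quarterly rules', owner: 'analyst1' },
  { name: '<script>alert(1)</script>', owner: 'analyst2' },        // element injection
  { name: 'R&D project', owner: 'x" onmouseover="alert(1)' },      // attribute breakout
];

console.log('unsafe view clean?', onlyTemplateTags(renderListUnsafe(storedEntries)));
console.log('safe view clean?  ', onlyTemplateTags(renderListSafe(storedEntries)));
```

A check like onlyTemplateTags can run in a test suite against each list view, so a view that stops encoding a field fails the build.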
Understanding CVE-2017-2674
Versions of JBoss BRMS 6 and BPM Suite 6 earlier than 6.4.3 have a security flaw that enables stored XSS attacks through Business Central lists.
What is CVE-2017-2674?
The Impact of CVE-2017-2674
Technical Details of CVE-2017-2674
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are susceptible to stored XSS attacks through Business Central lists.
Vulnerability Description
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
To address CVE-2017-2674, follow these steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates