High severity8.8NVD Advisory· Published Sep 7, 2016· Updated May 6, 2026

CVE-2016-7034

Description

The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token.

Affected products

Red Hat/Jboss Bpm Suite
cpe:2.3:a:redhat:jboss_bpm_suite:6.3.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/92760nvdThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
rhn.redhat.com/errata/RHSA-2017-0557.htmlnvd
access.redhat.com/errata/RHSA-2018:0296nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000