First published: Tue Aug 14 2018
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/wildfly-core | <7.1.6. | 7.1.6. |
JBoss Enterprise Application Platform | =7.0 | |
Red Hat Enterprise Linux Server | =6.0 | |
Red Hat Enterprise Linux Server | =7.0 | |
JBoss Enterprise Application Platform | =7.1.0 | |
Red Hat Single Sign-On | =7.2 | |
CVE-2018-10934 is a cross-site scripting (XSS) vulnerability that allows for potential exploitation by users with specific roles.
To mitigate CVE-2018-10934, users should update their JBoss Management Console to versions 7.1.6.CR1, 7.1.6.GA or later.
CVE-2018-10934 affects JBoss Management Console versions prior to 7.1.6.CR1 and 7.1.6.GA.
No, only users with roles that can create objects in the application can exploit CVE-2018-10934.
CVE-2018-10934 is classified as a cross-site scripting (XSS) vulnerability.