Advisory Published

RHSA-2014:0819: Important: Red Hat JBoss BPM Suite 6.0.2 update

First published: Mon Jun 30 2014(Updated: )

Red Hat JBoss BPM Suite is a business rules and processes management system<br>for the management, storage, creation, modification, and deployment of<br>JBoss rules and BPMN2-compliant business processes.<br>This release of Red Hat JBoss BPM Suite 6.0.2 serves as a replacement for<br>Red Hat JBoss BPM Suite 6.0.1, and includes bug fixes and enhancements.<br>Refer to the Red Hat JBoss BPM Suite 6.0.2 Release Notes for information<br>on the most significant of these changes. The Release Notes will be<br>available shortly at<br><a href="https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BPM_Suite/" target="_blank">https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_BPM_Suite/</a> The following security issues are fixed with this release:<br>It was found that the secure processing feature of Xalan-Java had<br>insufficient restrictions defined for certain properties and features. A<br>remote attacker able to provide Extensible Stylesheet Language<br>Transformations (XSLT) content to be processed by an application using<br>Xalan-Java could use this flaw to bypass the intended constraints of the<br>secure processing feature. Depending on the components available in the<br>classpath, this could lead to arbitrary remote code execution in the<br>context of the application server running the application that uses<br>Xalan-Java. (CVE-2014-0107)<br>It was found that the ServerTrustManager in the Smack XMPP API did not<br>verify basicConstraints and nameConstraints in X.509 certificate chains. A<br>man-in-the-middle attacker could use this flaw to spoof servers and obtain<br>sensitive information. (CVE-2014-0363)<br>It was found that the ParseRoster component in the Smack XMPP API did not<br>verify the From attribute of a roster-query IQ stanza. A remote attacker<br>could use this flaw to spoof IQ responses. (CVE-2014-0364)<br>All users of Red Hat JBoss BPM Suite 6.0.1 as provided from the Red Hat<br>Customer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.0.2.

Affected SoftwareAffected VersionHow to fix
Red Hat JBoss BPM Suite

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of RHSA-2014:0819?

    The severity of RHSA-2014:0819 is classified as important.

  • How do I fix RHSA-2014:0819?

    To fix RHSA-2014:0819, update to the latest version of Red Hat JBoss BPM Suite as recommended in the advisory.

  • What vulnerabilities are addressed in RHSA-2014:0819?

    RHSA-2014:0819 addresses multiple security vulnerabilities within the JBoss BPM Suite that could allow for privilege escalation and data access.

  • Is RHSA-2014:0819 applicable to all versions of JBoss BPM Suite?

    No, RHSA-2014:0819 specifically pertains to version 6.0.2 of the Red Hat JBoss BPM Suite.

  • What are the potential impacts of not addressing RHSA-2014:0819?

    Failing to address RHSA-2014:0819 may leave your JBoss BPM Suite vulnerable to exploitation, leading to unauthorized access and potential data breaches.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203