Known JBoss Vulnerability CVE-2010-0738 has been Patched in CM System 6.7 (RX-17101)

A known JBoss vulnerability <> in the version of JBoss that is used in Percussion CM System 6.7 has been patched.

NOTE: This vulnerability does not exist in Percussion CM System 7.0.3.

The patch can be downloaded from here:

Cumulative Patch #71 based on Rhythmyx 6.7 - 200906R01

Does this affect all 6.x version of the CM System?

Yes, this affects all versions of 6.x. and Percussion has patched 6.7 to resolve the issue. The vulnerability can really only be exploited by someone with malicious intent, usually if your CM System is served publicly. Also, if you are running on a CM System version older than 6.7 you should upgrade as soon as possible to CM System version 7.0.3, which has many other benefits and bug fixes, including many JBoss security fixes as Percussion has upgraded the version of JBoss in 7.0.3 to 4.2.