It was discovered that when uploading a file using a multipart/form-data submission to the EAP Web Console, the Console was vulnerable to Cross-Site Request Forgery (CSRF). This meant that an attacker could use the flaw together with a forgery attack to make changes to an authenticated instance.
http://www.securitytracker.com/id/1033859
http://rhn.redhat.com/errata/RHSA-2015-1905.html
https://bugzilla.redhat.com/show_bug.cgi?id=1252885
http://rhn.redhat.com/errata/RHSA-2015-1906.html
https://issues.jboss.org/browse/WFCORE-594
http://rhn.redhat.com/errata/RHSA-2015-1907.html
http://rhn.redhat.com/errata/RHSA-2015-1908.html
http://rhn.redhat.com/errata/RHSA-2015-1904.html
https://access.redhat.com/security/cve/CVE-2015-5188
https://access.redhat.com/errata/RHSA-2015:1907
https://access.redhat.com/errata/RHSA-2015:1906