Description
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
Related Vulnerabilities
CVE-2020-6460 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-34149 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2019-16303 Vulnerability in npm package generator-jhipster
CVE-2023-24815 Vulnerability in maven package io.vertx:vertx-web
CVE-2014-8114 Vulnerability in maven package org.uberfire:uberfire-server