Description
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
Related Vulnerabilities
CVE-2023-42277 Vulnerability in maven package cn.hutool:hutool-json
CVE-2018-1999045 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-1000054 Vulnerability in maven package org.jvnet.hudson.plugins:ccm
CVE-2022-34158 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2023-40013 Vulnerability in npm package external-svg-loader