Description
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allow remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
Related Vulnerabilities
CVE-2013-7398 Vulnerability in maven package com.ning:async-http-client
CVE-2016-6813 Vulnerability in maven package org.apache.cloudstack:cloudstack
CVE-2022-23619 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web
CVE-2015-0250 Vulnerability in maven package batik:batik-transcoder
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-metadata-query-service-jdbc