Описание
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | Drools | Affected | ||
| Red Hat JBoss BRMS 6 | Drools | Affected | ||
| Red Hat JBoss Fuse Service Works 6 | Drools | Not affected | ||
| Red Hat JBoss BPMS 6.0 | Fixed | RHSA-2014:0371 | 03.04.2014 | |
| Red Hat JBoss BRMS 6.0 | Fixed | RHSA-2014:0372 | 03.04.2014 |
Показывать по
10
Дополнительная информация
Статус:
Important
https://bugzilla.redhat.com/show_bug.cgi?id=1051261Drools: Remote Java Code Execution in MVEL
6.5 Medium
CVSS2
Связанные уязвимости
nvd
почти 12 лет назад
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
github
больше 3 лет назад
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
6.5 Medium
CVSS2