CVE-2005-2158 — Jbpm vulnerability

2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jboss Jbpm

Timeline

PublishedJul 6

Latest updateMay 1

Description

A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDjboss/jbpm2.0

Patches

Patch: www.illegalaccess.org ↗Patch: www.illegalaccess.org ↗

🔴Vulnerability Details

GHSA

GHSA-jqq3-hf48-hmvm: A regression error in the embedded HSQLDB in JBoss jBPM 2↗2022-05-01

▶