CVE-2013-6468

CWE-94: Code Injection
5 documents, 5 sources

Severity: 6.5 MEDIUM
EPSS: 0.5% (top 35.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 10
Latest update: May 17

Description

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allow remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-cq66-gwxj-2wjq: JBoss Drools, Red Hat JBoss BRMS before 6 (2022-05-17)
CVEList: CVE-2013-6468: JBoss Drools, Red Hat JBoss BRMS before 6 (2014-04-10)

📋 Vendor Advisories (1)

Red Hat: Drools: Remote Java Code Execution in MVEL (2014-04-03)

💬 Community (1)

Bugzilla: CVE-2013-6468 Drools: Remote Java Code Execution in MVEL (2014-01-09)