PT-2014-3130 · Red Hat · Red Hat Jboss Bpm Suite+2

Grégory Draperi

Publicado

2014-04-10

Atualizado

2014-04-11

CVE-2013-6468

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Red Hat JBoss BRMS versions prior to 6.0.1 Red Hat JBoss BPM Suite versions prior to 6.0.1 JBoss Drools (affected versions not specified)

Description The issue allows remote authenticated users to execute arbitrary Java code. This can be achieved via either MVFLEX Expression Language (MVEL) or Drools expressions.

Recommendations For Red Hat JBoss BRMS versions prior to 6.0.1, update to version 6.0.1 or later. For Red Hat JBoss BPM Suite versions prior to 6.0.1, update to version 6.0.1 or later. For JBoss Drools, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2013-6468

Produtos afetados

Jboss Drools

Red Hat Jboss Bpm Suite

Red Hat Jboss Brms

PT-2014-3130 · Red Hat · Red Hat Jboss Bpm Suite+2

CVE-2013-6468

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5