Red Hat · Jbpm · CVE-2014-8125
**Name of the Vulnerable Software and Affected Versions**
Drools and jBPM versions prior to 6.2.0
**Description**
The issue is related to an XML external entity (XXE) vulnerability. This vulnerability allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
**Recommendations**
For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue.