CVE-2013-6468

Name of the Vulnerable Software and Affected Versions Red Hat JBoss BRMS versions prior to 6.0.1 Red Hat JBoss BPM Suite versions prior to 6.0.1 JBoss Drools (affected versions not specified)

Description The issue allows remote authenticated users to execute arbitrary Java code. This can be achieved via either MVFLEX Expression Language (MVEL) or Drools expressions.

Recommendations For Red Hat JBoss BRMS versions prior to 6.0.1, update to version 6.0.1 or later. For Red Hat JBoss BPM Suite versions prior to 6.0.1, update to version 6.0.1 or later. For JBoss Drools, at the moment, there is no information about a newer version that contains a fix for this vulnerability.