PT-2014-3131 · Mozilla+1 · Mvel+1
Pavel Polischouk
·
Published
2014-04-21
·
Updated
2023-02-13
·
CVE-2013-6469
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
JBoss Overlord Run Time Governance (RTGov) version 1.0 for JBossAS
Description
The issue allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression.
Recommendations
For JBoss Overlord Run Time Governance (RTGov) version 1.0 for JBossAS, consider restricting access to MVEL expressions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jboss Overlord Run Time Governance
Mvel