CVE-2013-6468

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.

Published: Apr 10, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6468
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
redhat / jboss_bpm_suite	6.0.0	6.0.0.x
redhat / jboss_enterprise_brms_platform	6.0.0	6.0.0.x

http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719

Vulnerability Database

289,599

CVE-2013-6468