CVE-2013-6468
Red Hat JBoss BPM Suite and BRMS < 6.0.1 - Authenticated Remote Code Execution via MVFLEX or Drools Expression
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allow remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
References (4)
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0371.html
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/57719
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/57716
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0372.html
Scores
EPSS: 0.0195
EPSS Percentile: 77.8%
Details
CWE: CWE-94
Status: published
Products (3)
redhat/jboss_bpm_suite: 6.0.0
redhat/jboss_drools
redhat/jboss_enterprise_brms_platform: 6.0.0
Published: Apr 10, 2014
Tracked Since: Feb 18, 2026