CVE-2013-6468

Red Hat JBoss BPM Suite and BRMS < 6.0.1 - Authenticated Remote Code Execution via MVFLEX or Drools Expression

Description

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allow remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.

References (4)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0371.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57719
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57716
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0372.html

Scores

EPSS 0.0195
EPSS Percentile 77.8%

Details

CWE CWE-94
Status published
Products (3)
redhat/jboss_bpm_suite 6.0.0
redhat/jboss_drools
redhat/jboss_enterprise_brms_platform 6.0.0
Published Apr 10, 2014
Tracked Since Feb 18, 2026