CVE-2022-1415
Drools: unsafe data deserialization in streamutils
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
| CWE | CWE-502 |
| Vendor | red hat |
| Product | rhpam 7.13.1 async |
| Published | Sep 11, 2023 |
| Last Updated | Sep 25, 2024 |
Stay Ahead of the Next One
Get instant alerts for red hat rhpam 7.13.1 async
Be the first to know when new high vulnerabilities affecting red hat rhpam 7.13.1 async are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected Versions
Red Hat / RHPAM 7.13.1 async
All versions affected Red Hat / Red Hat build of Apache Camel for Spring Boot
All versions affected Red Hat / Red Hat build of Quarkus
All versions affected Red Hat / Red Hat Decision Manager 7
All versions affected Red Hat / Red Hat Integration Camel K
All versions affected Red Hat / Red Hat Integration Camel Quarkus
All versions affected Red Hat / Red Hat JBoss Data Grid 7
All versions affected Red Hat / Red Hat JBoss Data Virtualization 6
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 6
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected Red Hat / Red Hat JBoss Fuse 6
All versions affected Red Hat / Red Hat JBoss Fuse 7
All versions affected Red Hat / Red Hat JBoss Fuse Service Works 6
All versions affected Red Hat / Red Hat Process Automation 7
All versions affected References
Credits
Red Hat would like to thank Paulino Calderon (Websec) for reporting this issue.