Arbitrary Code Execution in JBoss Drools, Red Hat JBoss BRMS, and Red Hat JBoss BPM Suite

Arbitrary Code Execution in JBoss Drools, Red Hat JBoss BRMS, and Red Hat JBoss BPM Suite

CVE-2013-6468 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.

Learn more about our User Device Pen Test.