Vulnerability Description
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allow remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss BPM Suite | 6.0.0 |
| Red Hat | JBoss Drools | - |
| Red Hat | JBoss Enterprise BRMS Platform | 6.0.0 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2014-0371.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2014-0372.html (Vendor Advisory)
- http://secunia.com/advisories/57716 (Vendor Advisory)
- http://secunia.com/advisories/57719 (Vendor Advisory)
FAQ
What is CVE-2013-6468?
CVE-2013-6468 is a vulnerability with a CVSS score of 6.5 (MEDIUM). JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allow remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or ...
How severe is CVE-2013-6468?
CVE-2013-6468 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-6468?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss BPM Suite, Red Hat JBoss Drools, Red Hat JBoss Enterprise BRMS Platform.