Vulnerability Details CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.7%
CVSS Severity
CVSS v3 Score 8.1
References
- https://access.redhat.com/errata/RHSA-2022:6813
- https://access.redhat.com/security/cve/CVE-2022-1415
- https://bugzilla.redhat.com/show_bug.cgi?id=2065505
- https://access.redhat.com/errata/RHSA-2022:6813
- https://access.redhat.com/security/cve/CVE-2022-1415
- https://bugzilla.redhat.com/show_bug.cgi?id=2065505
Products affected by CVE-2022-1415
-
cpe:2.3:a:redhat:decision_manager:7.0
-
cpe:2.3:a:redhat:drools:7.69.0
-
cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:-
-
cpe:2.3:a:redhat:process_automation:7.0