XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
CVSS Score
7.5
EPSS Score
0.008
Published
2015-04-21