Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

Published

2023-09-11T21:15:41.483

Last Modified

2024-11-21T06:40:41.140

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-502
Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	decision_manager	7.0	Yes
Application	redhat	drools	7.69.0	Yes
Application	redhat	jboss_middleware_text-only_advisories	-	Yes
Application	redhat	process_automation	7.0	Yes

References

https://access.redhat.com/errata/RHSA-2022:6813 Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-1415 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2065505 Issue Tracking, Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2022:6813 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2022-1415 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2065505 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)