CVE-2013-6469

2014-04-2213:06:26

CWE-94

[email protected]

web.nvd.nist.gov

jboss overlord

rtgov

1.0

remote code execution

mvel

cve-2013-6469

security vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.8%

JSON

JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

redhatjboss_fuse_service_worksMatch6.0

redhatjboss_overlord_run_time_governanceMatch1.0jbossas

CPENameOperatorVersion
redhat:jboss_fuse_service_worksredhat jboss fuse service workseq6.0
redhat:jboss_overlord_run_time_governanceredhat jboss overlord run time governanceeq1.0

CPE	Name	Operator	Version
redhat:jboss_fuse_service_works	redhat jboss fuse service works	eq	6.0
redhat:jboss_overlord_run_time_governance	redhat jboss overlord run time governance	eq	1.0