8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.3%
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
[
{
"vendor": "Red Hat",
"product": "RHPAM 7.13.1 async",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Apache Camel for Spring Boot",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:camel_spring_boot:3"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat build of Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:quarkus:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Decision Manager 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "drools-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_brms_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Integration Camel K",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:integration:1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Integration Camel Quarkus",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:camel_quarkus:2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Data Grid 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Data Virtualization 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_data_virtualization:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "drools-core",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "drools-core",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_fuse:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse 7",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "drools-core",
"defaultStatus": "unaffected",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat JBoss Fuse Service Works 6",
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"packageName": "drools-core",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:jboss_fuse_service_works:6"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat Process Automation 7",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "drools-core",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
]
}
]
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.3%