86 matches found
EUVD-2013-6272
Malware in sbrugna...
EUVD-2016-7924
Malware in sbrugna...
EUVD-2022-2850
Malicious code in bioql PyPI...
EUVD-2021-8751
Malicious code in bioql PyPI...
EUVD-2022-6146
Malicious code in bioql PyPI...
EUVD-2023-2544
Malicious code in bioql PyPI...
EUVD-2022-5038
Malicious code in bioql PyPI...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details: CVEID: CVE-2023-41080. DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
Summary: Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details: CVEID: CVE-2023-22081. DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality...
CVE-2021-41411
A flaw was found in the XML external entity injection vulnerability in the KieModuleMarshaller.java module of drools-compiler. This issue may lead to the disclosure of sensitive information...
GHSA-M5Q8-58WH-XXQ4 Drools Core Deserialization of Untrusted Data vulnerability
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
Design/Logic Flaw
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
CVE-2022-1415
CVE-2022-1415 corresponds to Drools core deserialization vulnerability. Affected component: KIE Drools (Drools core) where improper safeguards during data deserialization allow an authenticated attacker to craft serialized objects (gadgets) and execute arbitrary code on the server. Documented imp...
CVE-2022-1415 Drools: unsafe data deserialization in streamutils
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
CVE-2022-1415 Drools: unsafe data deserialization in streamutils
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...
Security Bulletin: IBM Spectrum Control is vulnerable to weakness related KIE Drools
Summary: A vulnerability in KIE Drools that could allow a remote authenticated attacker to execute arbitrary code may affect IBM Spectrum Control. Vulnerability Details: CVEID: CVE-2022-1415. DESCRIPTION: KIE Drools could allow a remote authenticated attacker to execute arbitrary code on the system, caused ...
SUSE CVE-2010-3708
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...