WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-1415 Vulnerability in maven package org.drools:drools-compiler

Description

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

Remediation

References

https://access.redhat.com/errata/RHSA-2022:6813

https://access.redhat.com/security/cve/CVE-2022-1415

https://bugzilla.redhat.com/show_bug.cgi?id=2065505

Related Vulnerabilities

CVE-2015-5171 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common

CVE-2022-36095 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2022-43426 Vulnerability in maven package io.jenkins.plugins:s3explorer

CVE-2024-4367 Vulnerability in maven package org.webjars.bower:pdfjs-dist

CVE-2022-36098 Vulnerability in maven package org.xwiki.platform:xwiki-platform-mentions-ui

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Issue Tracking