A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
History

Wed, 25 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-09-11T20:20:23.745Z

Updated: 2024-09-25T19:54:35.795Z

Reserved: 2022-04-20T12:43:39.822Z

Link: CVE-2022-1415

cve-icon Vulnrichment

Updated: 2024-08-03T00:03:05.986Z

cve-icon NVD

Status : Modified

Published: 2023-09-11T21:15:41.483

Modified: 2024-11-21T06:40:41.140

Link: CVE-2022-1415

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-10-28T00:00:00Z

Links: CVE-2022-1415 - Bugzilla