CVE-2022-1415
Summary
| CVE | CVE-2022-1415 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-11 21:15:00 UTC |
| Updated | 2023-11-07 03:41:00 UTC |
| Description | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. |
Risk And Classification
Problem Types: CWE-502
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Decision Manager | 7.0 | All | All | All |
| Application | Redhat | Drools | 7.69.0 | All | All | All |
| Application | Redhat | Jboss Middleware Text-only Advisories | - | All | All | All |
| Application | Redhat | Process Automation | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 2065505 – (CVE-2022-1415) CVE-2022-1415 drools: unsafe data deserialization in StreamUtils | MISC | bugzilla.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| cve-details | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.