CVE-2022-1415 - Deserialization of Untrusted Data vulnerability in Red Hat products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Common Weakness Enumeration (CWE)
References
- https://access.redhat.com/errata/RHSA-2022:6813
- https://access.redhat.com/security/cve/CVE-2022-1415
- https://bugzilla.redhat.com/show_bug.cgi?id=2065505