Vulnerabilities > Redhat > Drools > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-11 | CVE-2022-1415 | Deserialization of Untrusted Data vulnerability in Redhat products A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. | 8.8 |
2022-06-16 | CVE-2021-41411 | XXE vulnerability in Redhat Drools 6.1.0 drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. | 7.5 |
2015-04-21 | CVE-2014-8125 | XML External Entity Information Disclosure vulnerability in jBPM and Drools XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. | 7.5 |