RCE in Redhat Jboss_fuse_service_works

CVE-2013-6469

JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party inf…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.005 (65.8th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_fuse_service_works — versions 6.0
Redhat Jboss_overlord_run_time_governance — versions 1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

secalert@redhat.com (x_refsource_MISC)
57843 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)