Deserialization in Red Hat Build Of Apache Camel For Spring Boot
CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve cod…
Vulnerability class: Insecure Deserialization
EPSS: 0.011 (59.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Red Hat Build Of Apache Camel For Spring Boot
- Red Hat Build Of Quarkus
- Red Hat Decision Manager 7
- Red Hat Integration Camel K
- Red Hat Integration Camel Quarkus
- Red Hat Jboss Data Grid 7
- Red Hat Jboss Data Virtualization 6
- Red Hat Jboss Enterprise Application Platform 6
- Red Hat Jboss Enterprise Application Platform 7
- Red Hat Jboss Enterprise Application Platform Expansion Pack
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry, Vendor Advisory)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Issue Tracking, Vendor Advisory)
Frequently asked questions
- What is CVE-2022-1415?
- CVE-2022-1415 is a high-severity vulnerability in Red Hat Build Of Apache Camel For Spring Boot, classified under Deserialization of Untrusted Data. CVSS score: 8.1/10. Published 2023-09-11.
- How severe is CVE-2022-1415?
- High severity. CVSS v3 base score is 8.1 out of 10.
- Is CVE-2022-1415 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.