CVE-2022-1415

high

Description

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2065505

https://access.redhat.com/security/cve/CVE-2022-1415

https://access.redhat.com/errata/RHSA-2022:6813

Details

Source: Mitre, NVD

Published: 2023-09-11

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01097