
CVE-2021-41411
https://notcve.org/view.php?id=CVE-2021-41411
16 Jun 2022 — drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. • https://github.com/kiegroup/drools/pull/3808 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2014-8125 – jBPM: BPMN2 file processing XXE in Process Execution
https://notcve.org/view.php?id=CVE-2014-8125
17 Apr 2015 — XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. It was discovered that the jBPM runtime performed expansion of external parameter entities while ex... • http://rhn.redhat.com/errata/RHSA-2015-0850.html • CWE-611: Improper Restriction of XML External Entity Reference