Every CVE whose affected-product data names Redhat Drools, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2021-41411 — CVSS 9.8 (critical): drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used…
CVE-2022-1415 — CVSS 8.1 (high): A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an…
CVE-2014-8125 — CVSS 7.5 (high): XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have…