Drools: unsafe data deserialization in streamutils
Description
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Drools core utility classes lack proper deserialization safeguards, allowing authenticated remote code execution via crafted serialized objects.
Vulnerability
Description
The vulnerability exists in certain utility classes within the Drools core that do not implement proper safeguards during deserialization of data [1][2]. This flaw is a classic Java deserialization issue where the classes fail to validate or filter incoming serialized objects, making the system susceptible to maliciously crafted serialized data streams.
Exploitation
Conditions
An authenticated attacker can exploit this flaw by sending specially crafted serialized Java objects (often referred to as 'gadgets') to the vulnerable Drools server [1]. Authentication is required, but once obtained, no special network position is needed beyond network access to the server. The attacker can trigger the deserialization of these malicious objects through exposed interfaces.
Impact
Successful exploitation allows the attacker to achieve arbitrary code execution on the server [2]. This can lead to full compromise of the Drools application, potentially allowing the attacker to execute arbitrary commands, access sensitive data, or pivot to other systems within the network.
Mitigation
Red Hat has addressed this vulnerability in a security update for Red Hat Process Automation Manager (RHSA-2022:6813) [3]. Users are advised to apply the update promptly. As of the advisory date, no workarounds have been published, and Red Hat rates the vulnerability as Important for Red Hat Process Automation Manager deployments.
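The description and mitigation above both come down to one pattern: utility code that calls readObject() on a stream it does not filter, so the sender of the stream chooses which classes get instantiated. The Java program below is an added illustration, not Drools code and not taken from the advisory; it puts that unfiltered pattern next to the hardened form, a JEP 290 allowlist filter installed before the first read. DeserializationFilterExample and RuleUpdate are hypothetical names, the Date message is a constructed sample, and the code assumes Java 9 or later (java.io.ObjectInputFilter).

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Date;

/**
 * Added illustration (hypothetical names, not Drools code): the unfiltered
 * readObject() pattern described for CVE-2022-1415 next to an allowlist filter.
 */
public class DeserializationFilterExample {

    // Constructed stand-in for the one message type this endpoint expects.
    static final class RuleUpdate implements Serializable {
        private static final long serialVersionUID = 1L;
        final String ruleName;
        RuleUpdate(String ruleName) { this.ruleName = ruleName; }
    }

    // Vulnerable pattern: the stream, not the application, decides which classes
    // are instantiated. Any Serializable class on the classpath is reachable.
    static Object readUnfiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    // Hardened pattern: the filter is consulted for every class, array and resource
    // limit before anything is constructed. "!*" rejects whatever is not named, so
    // an unexpected class fails with InvalidClassException instead of being created.
    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowlist = ObjectInputFilter.Config.createFilter(
                "maxdepth=8;maxrefs=256;maxbytes=65536;"
                + "DeserializationFilterExample$RuleUpdate;java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(allowlist);   // must be set before the first readObject()
            return in.readObject();
        }
    }

    // Helper to build sample streams; in production the bytes come from the network.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new RuleUpdate("discount-rule"));
        byte[] unexpected = serialize(new Date());   // harmless class, but not on the allowlist

        System.out.println("unfiltered, expected type  : " + readUnfiltered(expected).getClass().getName());
        System.out.println("unfiltered, unexpected type: " + readUnfiltered(unexpected).getClass().getName());
        System.out.println("filtered, expected type    : " + readFiltered(expected).getClass().getName());
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            // Rejected by the filter before java.util.Date was instantiated.
            System.out.println("filtered, unexpected type  : rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with `javac DeserializationFilterExample.java && java DeserializationFilterExample`. The unfiltered reader accepts both streams; the filtered reader accepts only RuleUpdate and rejects the Date stream, which is the behaviour a defender wants from any endpoint that deserializes client-supplied data. When the vulnerable readObject() call lives in library code you cannot edit, the same allowlist can be applied to the whole JVM with `-Djdk.serialFilter=...` or `ObjectInputFilter.Config.setSerialFilter(...)`; that limits exposure while the vendor update is rolled out, but it does not replace applying the update.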
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.drools:drools-core (Maven) | < 7.69.0.Final | 7.69.0.Final |
Affected products
- Red Hat / Red Hat Integration Camel Quarkus (v5): cpe:/a:redhat:camel_quarkus:2
- Red Hat / Red Hat build of Apache Camel for Spring Boot (v5): cpe:/a:redhat:camel_spring_boot:3
- Red Hat / Red Hat Integration Camel K (v5): cpe:/a:redhat:integration:1
- Red Hat / Red Hat JBoss Data Grid 7 (v5): cpe:/a:redhat:jboss_data_grid:7
- Red Hat / Red Hat JBoss Data Virtualization 6 (v5): cpe:/a:redhat:jboss_data_virtualization:6
- Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack (v5): cpe:/a:redhat:jbosseapxp
- Red Hat / Red Hat JBoss Enterprise Application Platform 6 (v5): cpe:/a:redhat:jboss_enterprise_application_platform:6
- Red Hat / Red Hat JBoss Enterprise Application Platform 7 (v5): cpe:/a:redhat:jboss_enterprise_application_platform:7
- Red Hat / Red Hat Process Automation 7 (v5): cpe:/a:redhat:jboss_enterprise_bpms_platform:7
- Red Hat / RHPAM 7.13.1 async (v5): cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13
- Red Hat / Red Hat Decision Manager 7 (v5): cpe:/a:redhat:jboss_enterprise_brms_platform:7
- Red Hat / Red Hat JBoss Fuse 6 (v5): cpe:/a:redhat:jboss_fuse:6
- Red Hat / Red Hat JBoss Fuse 7 (v5): cpe:/a:redhat:jboss_fuse:7
- Red Hat / Red Hat JBoss Fuse Service Works 6 (v5): cpe:/a:redhat:jboss_fuse_service_works:6
- Red Hat / Red Hat build of Quarkus (v5): cpe:/a:redhat:quarkus:2
- ghsa-coords (70 versions; none has a CPE, each is listed with its affected range):
  - pkg:maven/org.drools/drools-core: < 7.69.0.Final
  - pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.2: < 3.1.2-150300.5.19.1
  - pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.3: < 3.3.3-150400.5.17.3
  - pkg:rpm/suse/drools&distro=SUSE%20Manager%20Server%20Module%204.2: < 7.17.0-150300.4.9.2
  - pkg:rpm/suse/drools&distro=SUSE%20Manager%20Server%20Module%204.3: < 7.17.0-150400.3.9.3
  - pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.2: < 0.8.1-150300.3.9.2
  - pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.3: < 0.8.0-150400.3.6.3
  - pkg:rpm/suse/image-sync-formula&distro=SUSE%20Manager%20Server%20Module%204.3: < 0.1.1673279145.e7616bd-150400.3.9.3
  - pkg:rpm/suse/inter-server-sync&distro=SUSE%20Manager%20Server%20Module%204.2: < 0.2.7-150300.8.28.2
  - pkg:rpm/suse/inter-server-sync&distro=SUSE%20Manager%20Server%20Module%204.3: < 0.2.6-150400.3.12.3
  - pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.9-150300.2.12.2
  - pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.9-150300.2.12.2
  - pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.7-150400.3.3.4
  - pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.5-150400.3.3.5
  - pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.2: < 0.7.0-150300.3.17.2
  - pkg:rpm/suse/py27-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.2: < 3000.3-150300.7.7.29.2
  - pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.3: < 4.3.4-150400.3.43.1
  - pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.7-150300.4.12.2
  - pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.7-150300.4.12.2
  - pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.5-150400.3.3.3
  - pkg:rpm/suse/saltboot-formula&distro=SUSE%20Manager%20Server%20Module%204.2: < 0.1.1676908681.e90e0b1-150300.3.15.1
  - pkg:rpm/suse/saltboot-formula&distro=SUSE%20Manager%20Server%20Module%204.3: < 0.1.1673279145.e7616bd-150400.3.6.3
  - pkg:rpm/suse/salt-netapi-client&distro=SUSE%20Manager%20Server%20Module%204.2: < 0.21.0-150300.3.12.4
  - pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%20Module%204.2: < 1.7.11-0.150300.3.12.2
  - pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.21-150300.4.33.2
  - pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.21-150300.4.33.2
  - pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.18-150400.3.12.3
  - pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.13-150300.3.18.1
  - pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.26-150300.4.35.6
  - pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.26-150300.4.35.6
  - pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.18-150400.3.12.5
  - pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.19-150300.3.27.4
  - pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.19-150300.3.27.4
  - pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.17-150400.3.12.4
  - pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.22-150300.4.30.2
  - pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.22-150300.4.30.2
  - pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.14-150400.3.12.5
  - pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.47-150300.3.58.1
  - pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.46-150400.3.28.1
  - pkg:rpm/suse/spacewalk-proxy&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.13-150300.3.24.2
  - pkg:rpm/suse/spacewalk-proxy-installer&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.11-150300.3.14.2
  - pkg:rpm/suse/spacewalk-search&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.9-150300.3.15.2
  - pkg:rpm/suse/spacewalk-search&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.8-150400.3.9.3
  - pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.16-150400.3.12.3
  - pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.32-150300.3.36.4
  - pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.32-150300.3.36.4
  - pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.27-150400.3.12.5
  - pkg:rpm/suse/supportutils-plugin-susemanager&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.5-150300.3.9.2
  - pkg:rpm/suse/supportutils-plugin-susemanager&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.6-150400.3.6.3
  - pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 15.3.6-150300.3.6.2
  - pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Server%20Module%204.2: < 15.3.6-150300.3.6.2
  - pkg:rpm/suse/susemanager-build-keys&distro=SUSE%20Manager%20Server%20Module%204.3: < 15.4.7-150400.3.12.3
  - pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.40-150300.3.49.1
  - pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.23-150400.3.16.3
  - pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2-150300.12.39.4
  - pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2-150300.12.39.2
  - pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3-150400.9.19.1
  - pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.27-150300.3.35.1
  - pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.16-150400.3.12.4
  - pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.31-150300.3.43.1
  - pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.29-150400.3.16.1
  - pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.12-150400.3.11.3
  - pkg:rpm/suse/susemanager-tftpsync&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.3-150400.3.6.5
  - pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Proxy%20Module%204.2: < 4.2.9-150300.3.14.1
  - pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.2.9-150300.3.14.1
  - pkg:rpm/suse/uyuni-common-libs&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.7-150400.3.9.4
  - pkg:rpm/suse/uyuni-setup-reportdb&distro=SUSE%20Manager%20Server%20Module%204.3: < 4.3.6-150400.3.3.4
  - pkg:rpm/suse/virtual-host-gatherer&distro=SUSE%20Manager%20Server%20Module%204.2: < 1.0.24-150300.3.9.2
  - pkg:rpm/suse/virtual-host-gatherer&distro=SUSE%20Manager%20Server%20Module%204.3: < 1.0.24-150400.3.6.3
  - pkg:rpm/suse/woodstox&distro=SUSE%20Manager%20Server%20Module%204.2: < 4.4.2-150300.3.6.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- access.redhat.com/errata/RHSA-2022:6813 (ghsa; vendor-advisory; x_refsource_REDHAT; WEB)
- github.com/advisories/GHSA-m5q8-58wh-xxq4 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-1415 (ghsa; ADVISORY)
- access.redhat.com/security/cve/CVE-2022-1415 (ghsa; vdb-entry; x_refsource_REDHAT; WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa; issue-tracking; x_refsource_REDHAT; WEB)
News mentions
No linked articles in our index yet.