Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote authenticated attacker to bypass directory restrictions and retrieve arbitrary files from the affected host.
Acknowledgments: Name: Jonas Bauters (NVISO)
This issue has been addressed in the following products: Red Hat JBoss BRMS 6.4.0 Via RHSA-2016:2823 https://rhn.redhat.com/errata/RHSA-2016-2823.html
This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.4.0 Via RHSA-2016:2822 https://rhn.redhat.com/errata/RHSA-2016-2822.html
This issue has been addressed in the following products: Red Hat JBoss BRMS 6.3.4 Via RHSA-2016:2938 https://rhn.redhat.com/errata/RHSA-2016-2938.html
This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.3.4 Via RHSA-2016:2937 https://rhn.redhat.com/errata/RHSA-2016-2937.html