VDB
RHSA-2016:0539
PUBLISHED
CVSS 7.4 HIGH
A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the BeanShell library.
Risk Scores
CVSS 3.0
7.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss BPMS 6.2 | |
Timeline
- Mar 30, 2016 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2016:0539 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite&downloadType=securityPatches&version=6.2.0 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1310647 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0539.json advisory
- https://access.redhat.com/security/cve/CVE-2016-2510 advisory
- https://www.cve.org/CVERecord?id=CVE-2016-2510 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2016-2510 advisory
- https://github.com/beanshell/beanshell/releases/tag/2.0b6 advisory