CVE-2018-14667
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
CVSS
—
No CVSS
EPSS
74.2%
p99
KEV
YES
Sep 28, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Red Hat / JBoss RichFaces Framework
Vulnerability
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Added to KEV
Sep 28, 2023
Remediate by
Oct 19, 2023
Known ransomware use
No
Summary description
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667; https://nvd.nist.gov/vuln/detail/CVE-2018-14667
No related CVEs by CWE or product.