CVE-2018-14667
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
74.2%
p99
KEV
SÍ
28 sept 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Red Hat / JBoss RichFaces Framework
Vulnerabilidad
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Añadido a KEV
28 sept 2023
Remediar antes de
19 oct 2023
Uso conocido en ransomware
No
Descripción resumida
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667; https://nvd.nist.gov/vuln/detail/CVE-2018-14667
Sin CVEs relacionados por CWE o producto.