← ExploitWatch
HomeExploited Vulnerabilities

CVE-2018-14667 — Actively Exploited: JBoss RichFaces Framework (Red Hat)

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

CVE IDCVE-2018-14667
VendorRed Hat
ProductJBoss RichFaces Framework
Vulnerability nameRed Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Date added2023-09-28
Remediation due2023-10-19
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionRed Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →