CVE-2018-14667 — Actively Exploited: JBoss RichFaces Framework (Red Hat)
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
| CVE ID | CVE-2018-14667 |
|---|---|
| Vendor | Red Hat |
| Product | JBoss RichFaces Framework |
| Vulnerability name | Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability |
| Date added | 2023-09-28 |
| Remediation due | 2023-10-19 |
| Known ransomware use | Unknown |
| Required action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Description | Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →