JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-12532 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does not affect the following Red Hat products, as they do not include the vulnerable version of the RichFaces component:
Red Hat JBoss EAP 5.2
Red Hat JBoss Data Virtualization 6.4
Red Hat JBoss BRMS 5.3
Red Hat JBoss Operations Network 3.3
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 9.8 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity Impact | High |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Operations Network 3 | RichFaces | Not affected |
| Red Hat JBoss Enterprise SOA Platform 5 | RichFaces | Not affected |
| Red Hat JBoss EAP 6 | RichFaces | Not affected |
| Red Hat JBoss EAP 5 | RichFaces | Not affected |
| Red Hat JBoss Data Virtualization 6 | RichFaces | Not affected |
| Red Hat JBoss BRMS 5 | RichFaces | Not affected |
Vulmon