The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-14667 from the MITRE CVE dictionary and NIST NVD.
Metric | Value |
---|---|
CVSS3 Base Score | 9.8 |
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | High |
Platform | Errata | Release Date |
---|---|---|
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server (richfaces) | RHSA-2018:3517 | 2018-11-06 |
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server (richfaces) | RHSA-2018:3517 | 2018-11-06 |
Red Hat JBoss EAP 5 | RHSA-2018:3518 | 2018-11-06 |
Red Hat JBoss SOA Platform 5.3 | RHSA-2018:3519 | 2018-11-07 |
JBoss Enterprise BRMS Platform 5.3 | RHSA-2018:3581 | 2018-11-13 |
Platform | Package | State |
---|---|---|
Red Hat JBoss Operations Network 3 | RichFaces | Not affected |