Back to CVE Browser

CVE-2018-14667

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score69.4580%

EPSS Percentile87.37th

PublishedNov 6, 2018

Last ModifiedNov 3, 2025

Vulnerability Description

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Affected Platforms (CPE)

📦

Redhat

Richfaces

>= 3.1.0 and <= 3.3.4

💻

Redhat

Enterprise Linux

= 5.0

💻

Redhat

Enterprise Linux

= 6.0

References & Advisories

🔗 http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html

🔗 http://seclists.org/fulldisclosure/2020/Mar/21

🔗 http://www.securitytracker.com/id/1042037

🔗 https://access.redhat.com/errata/RHSA-2018:3517

🔗 https://access.redhat.com/errata/RHSA-2018:3518

🔗 https://access.redhat.com/errata/RHSA-2018:3519

🔗 https://access.redhat.com/errata/RHSA-2018:3581

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667

Related Vulnerabilities

CVE-2018-125329.8

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) varia...

CVE-2018-125339.8

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and exe...

CVE-2013-45219.8

RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deseri...

CVE-2013-21657.5

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat ...