Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-94

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667
https://nvd.nist.gov/vuln/detail/CVE-2018-14667

Cybersecurity Alerts

CVE-2018-14667

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Required Action

Weakness Classification

References