(RHSA-2018:3519) Critical: Red Hat JBoss SOA Platform security update

2018-11-07T06:48:01
ID RHSA-2018:3519
Type redhat
Reporter RedHat
Modified 2018-11-07T06:48:29

Description

Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future (EDA and CEP) integration methodologies to dramatically improve business process execution speed and quality.

This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss SOA Platform 5.3.1.

Security Fix(es):

  • RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution (CVE-2018-14667)

See https://access.redhat.com/solutions/3660371 for specific information regarding this flaw.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Joao Filho Matos Figueiredo for reporting this issue.