Lucene search
+L

10 matches found

cisa_kev
cisa_kev
added 2023/09/28 12:0 a.m.33 views

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...

9.8CVSS7.9AI score0.74171EPSS
In wildExploits6
redhatcve
redhatcve
added 2019/10/11 10:8 a.m.32 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...

9.8CVSS5.4AI score0.74171EPSS
Exploits6References2
veracode
veracode
added 2019/01/15 9:25 a.m.32 views

Remote Code Execution (RCE)

richfaces is vulnerable to Remote code Execution RCE attacks. The vulnerability is due to improper Expression Language EL sanitization in the UserResource class. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects gadget chains...

9.8CVSS9.7AI score0.74171EPSS
Exploits6References13Affected Software2
packetstorm
packetstorm
added 2018/11/20 12:0 a.m.337 views

Richfaces 3.x Remote Code Execution

Original report+advisories: TITLE: ==================== Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME ==================== RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to Expression Language EL Injection via UserResource resource,...

9.5AI score0.74171EPSS
Exploits6
osv
osv
added 2018/11/06 10:29 p.m.3 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...

9.8CVSS6.1AI score0.74171EPSS
Exploits6References9
prion
prion
added 2018/11/06 10:29 p.m.24 views

Code injection

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...

7.5CVSS9.7AI score0.74171EPSS
Exploits6References8Affected Software2
vulnrichment
vulnrichment
added 2018/11/06 10:0 p.m.11 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...

9.8CVSS7.9AI score0.74171EPSS
Exploits6References8
redhat
redhat
added 2018/11/06 7:5 p.m.6 views

RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...

9.8CVSS7.7AI score0.74171EPSS
Exploits6References5
attackerkb
attackerkb
added 2018/11/06 12:0 a.m.26 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. Recen...

9.8CVSS8.3AI score0.74171EPSS
In wildExploits6References9
ptsecurity
ptsecurity
added 2018/11/06 12:0 a.m.7 views

PT-2018-12653 · Red Hat · Red Hat Jboss Richfaces Framework

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss RichFaces Framework versions 3.X through 3.3.4 Description: The issue is related to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code...

9.8CVSS9.6AI score0.74171EPSS
Exploits6References29
Rows per page
Query Builder