Richfaces@* Security Vulnerabilities and Issues — Richfaces@* CVE List

Lucene search

RedhatRichfaces*

3 matches found

CVE•added 2018/11/06 10:29 p.m.•356 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

9.8CVSS9.7AI score0.88931EPSS

CVE•added 2018/06/18 12:29 p.m.•100 views

CVE-2018-12533

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

9.8CVSS9.6AI score0.73981EPSS

CVE•added 2018/06/18 12:29 p.m.•89 views

CVE-2018-12532

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

9.8CVSS9.6AI score0.03466EPSS