9.8
CVE-2017-1000486
- EPSS 94.1%
- Published 03.01.2018 20:29:00
- Last modified 05.11.2025 19:24:34
- Source cve@mitre.org
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
Data provided by the National Vulnerability Database (NVD)
Primetek ≫ Primefaces Version >= 4.0 <= 4.0.24
Primetek ≫ Primefaces Version >= 5.0 < 5.2.21
Primetek ≫ Primefaces Version >= 5.3 < 5.3.8
10.01.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Primetek Primefaces Remote Code Execution Vulnerability
Description: Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution
Required action: Apply updates per vendor instructions.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.1% | 0.998 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
https://cryptosense.com/weak-encryption-flaw-in-primefaces/
https://github.com/primefaces/primefaces/issues/1152
https://www.exploit-db.com/exploits/43733/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-1000486