CVE-2017-1000486

Warnung

Exploit

EPSS 93.73%
Veröffentlicht 03.01.2018 20:29:00
Zuletzt bearbeitet 05.11.2025 19:24:34
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Primetek ≫ Primefaces Version >= 4.0 <= 4.0.24

Primetek ≫ Primefaces Version >= 5.0 < 5.2.21

Primetek ≫ Primefaces Version >= 5.3 < 5.3.8

10.01.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Primetek Primefaces Remote Code Execution Vulnerability

Schwachstelle

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.73%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html

Third Party Advisory

Exploit

https://cryptosense.com/weak-encryption-flaw-in-primefaces/

Third Party Advisory

Broken Link

https://github.com/primefaces/primefaces/issues/1152

Third Party Advisory

Issue Tracking

https://www.exploit-db.com/exploits/43733/

Third Party Advisory

VDB Entry