9.8
CVE-2018-14667
- EPSS 74.17%
- Veröffentlicht 06.11.2018 22:29:00
- Zuletzt bearbeitet 03.11.2025 15:03:48
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Enterprise Linux Version5.0
Redhat ≫ Enterprise Linux Version6.0
28.09.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
SchwachstelleRed Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
BeschreibungApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.17% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| secalert@redhat.com | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
http://seclists.org/fulldisclosure/2020/Mar/21
http://www.securitytracker.com/id/1042037
https://access.redhat.com/errata/RHSA-2018:3517
https://access.redhat.com/errata/RHSA-2018:3518
https://access.redhat.com/errata/RHSA-2018:3519
https://access.redhat.com/errata/RHSA-2018:3581
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14667