CVE-2018-14667

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData. Vendor/Product: Red Hat JBoss RichFaces Framework. Added to CISA KEV 2023-09-28; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2018-14667