COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2018-14667

CVE-2018-14667

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-09-28
Reference
https://nvd.nist.gov/vuln/detail/CVE-2018-14667
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resourc

Players implicated

Red Hat · vendorJBoss RichFaces Framework · product

Description

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Red Hat OpenShift Service on AWS (ROSA) Red Hat In Process vendor-exact · 0.90