THREAT OPS › CVEs › CVE-2018-14667
CVE-2018-14667 — Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Vulnerability details
- Affected productsJBoss RichFaces Framework
- KEV remediation due2023-10-19