THREATOPS
THREAT OPSCVEs › CVE-2018-14667

CVE-2018-14667 — Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

CISA KEVExploited: confirmedRed Hat

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Vulnerability details