CVE-2018-14667: Red Hat JBoss RichFaces Framework Expression Language

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability. Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

• CISA KEV-listed (remediation due 2023-10-19)
• EPSS 89.5% (99.6% percentile)

Browse the CVE database

Read the full analysis on IntelFusions