CVE-2013-2165

Severity
7.5 HIGH
EPSS
25.7%
top 3.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 23
Latest update: May 13

Description

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not re

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 10 packages

🔴 Vulnerability Details

3
OSV
Remote code execution due to insecure deserialization (2022-05-13)
GHSA
Remote code execution due to insecure deserialization (2022-05-13)
CVEList
CVE-2013-2165: ResourceBuilderImpl (2013-07-22)

📋 Vendor Advisories

1
Red Hat
RichFaces: Remote code execution due to insecure deserialization (2013-07-10)

📄 Research Papers

1
CTF
angry-seam-500 / README (2016)

💬 Community

2
Bugzilla
CVE-2013-4521 Nuxeo RichFaces: Remote code execution due to insecure deserialization (2013-11-06)
Bugzilla
CVE-2013-2165 JBoss RichFaces: Remote code execution due to insecure deserialization (2013-06-12)