CVE-2018-12532 — Expression Language Injection in Redhat Richfaces

CWE-917 — Expression Language Injection CWE-94 — Code Injection6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

3.3%

top 12.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Richfaces

Timeline

PublishedJun 18

Latest updateMay 13

Description

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDredhat/richfaces4.5.3 — 4.5.17

🔴Vulnerability Details

GHSA

RichFaces vulnerable to Expression Language Injection↗2022-05-13

▶

OSV

RichFaces vulnerable to Expression Language Injection↗2022-05-13

▶

CVEList

CVE-2018-12532: JBoss RichFaces 4↗2018-06-18

▶

📋Vendor Advisories

Red Hat

RichFaces: Injection of arbitrary EL variable mapper allows to bypass mitigation of CVE-2015-0279 and thereby remote code execution↗2018-05-30

▶

💬Community

Bugzilla

CVE-2018-12532 RichFaces: Injection of arbitrary EL variable mapper allows to bypass mitigation of CVE-2015-0279 and thereby remote code execution↗2018-05-31

▶