CVE-2018-12533 — Expression Language Injection in Redhat Richfaces

CWE-917 — Expression Language Injection CWE-94 — Code Injection6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

75.5%

top 1.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Richfaces

Timeline

PublishedJun 18

Latest updateMay 13

Description

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDredhat/richfaces3.1.0 — 3.3.4

🔴Vulnerability Details

OSV

Arbitrary code execution in Richfaces↗2022-05-13

▶

GHSA

Arbitrary code execution in Richfaces↗2022-05-13

▶

CVEList

CVE-2018-12533: JBoss RichFaces 3↗2018-06-18

▶

📋Vendor Advisories

Red Hat

RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource↗2018-05-30

▶

💬Community

Bugzilla

CVE-2018-12533 RichFaces: Injection of arbitrary EL expressions allows remote code execution via org.richfaces.renderkit.html.Paint2DResource↗2018-05-31

▶