⚠ Actively exploited
Added to CISA KEV on 2023-09-28. Federal agencies required to remediate by 2023-10-19. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2018-14667: Code Injection in Red Hat RichFaces

CWE-94 (Code Injection) | 8 documents | 8 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 89.5% (top 0.45%)
CISA KEV: added 2023-09-28, due 2023-10-19
Exploit: exploited in the wild; active exploitation observed
Timeline: published 2018-11-06; KEV added 2023-09-28; KEV due 2023-10-19

Description

The RichFaces Framework 3.x through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (Exploitability: 3.9 | Impact: 5.9)

Affected Packages (1 package)

Source: NVD | Package: redhat/richfaces | Affected versions: 3.1.0 through 3.3.4

Also affects: Enterprise Linux 5.0, 6.0
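The affected range above is the first thing to verify on your own hosts. The following inventory check is an added example, not code from cvebase, Red Hat, or the RichFaces project: it walks an exploded deployment directory, finds RichFaces JARs, reads Implementation-Version from the manifest (falling back to the version in the file name), and flags every 3.x release at or below 3.3.4, the upper bound listed above. The richfaces-<module>-<version>.jar naming and the sample deployment tree the demo builds in a temporary directory are assumptions, constructed for a stand-alone run.

```python
"""Inventory check for CVE-2018-14667: find RichFaces 3.x JARs in a deployment.

Added example (not cvebase, Red Hat or RichFaces project code). Flags every
RichFaces version inside the range the advisory lists (3.1.0 through 3.3.4).
"""
import os
import re
import sys
import tempfile
import zipfile
from dataclasses import dataclass

# Upper bound of the affected range as listed on the advisory page.
LAST_AFFECTED = (3, 3, 4)

# Assumption: RichFaces JARs follow the richfaces-<module>-<version>.jar
# naming (richfaces-api, richfaces-impl, richfaces-ui for 3.x). Adjust the
# pattern if your build repackages or renames them.
JAR_NAME_RE = re.compile(
    r"^richfaces(?:-[a-z]+)*-(\d+\.\d+\.\d+(?:\.[\w-]+)?)\.jar$", re.IGNORECASE
)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


@dataclass
class Finding:
    path: str
    version: str
    affected: bool


def parse_version(version):
    """Return (major, minor, patch) from strings like '3.3.3.Final' or '3.1.0.GA'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised RichFaces version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True for any 3.x release at or below 3.3.4, the range the advisory gives."""
    major, minor, patch = parse_version(version)
    return major == 3 and (major, minor, patch) <= LAST_AFFECTED


def manifest_version(jar_path):
    """Implementation-Version from META-INF/MANIFEST.MF, or None if absent."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError):
        return None
    for line in manifest.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "implementation-version":
            return value.strip()
    return None


def scan(root):
    """Walk root (an exploded deployment) and report every RichFaces JAR found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            m = JAR_NAME_RE.match(name)
            if not m:
                continue
            path = os.path.join(dirpath, name)
            version = manifest_version(path)
            if version is None or not VERSION_RE.match(version):
                version = m.group(1)  # manifest missing/unusable: trust the file name
            findings.append(Finding(path, version, is_affected(version)))
    return findings


def _write_jar(path, impl_version=None):
    """Write a minimal constructed JAR (manifest only) for the demo below."""
    with zipfile.ZipFile(path, "w") as zf:
        lines = ["Manifest-Version: 1.0"]
        if impl_version:
            lines.append(f"Implementation-Version: {impl_version}")
        zf.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n\r\n")


def demo():
    """Constructed sample tree (not a real JBoss deployment); returns sorted results."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "app.war", "WEB-INF", "lib")
        os.makedirs(lib)
        _write_jar(os.path.join(lib, "richfaces-impl-3.3.3.Final.jar"), "3.3.3.Final")
        _write_jar(os.path.join(lib, "richfaces-ui-3.3.3.Final.jar"))  # no version attr
        _write_jar(os.path.join(lib, "richfaces-api-3.1.0.GA.jar"), "3.1.0.GA")
        _write_jar(os.path.join(lib, "richfaces-core-impl-4.5.17.Final.jar"), "4.5.17.Final")
        _write_jar(os.path.join(lib, "commons-io-2.4.jar"), "2.4")  # unrelated, ignored
        return sorted(
            (os.path.basename(f.path), f.version, f.affected) for f in scan(root)
        )


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan(target) if target else [Finding(n, v, a) for n, v, a in demo()]
    for f in results:
        print(f"{'AFFECTED' if f.affected else 'ok      '} {f.version:14} {f.path}")
```

Run it as `python richfaces_check.py /path/to/deployments` against an exploded deployment tree; with no argument it runs over the constructed sample. Packed WARs and EARs are not opened by this script, and applications that shade or rename the RichFaces classes will not match the file-name pattern, so treat a clean result as "nothing found by name", not as proof of absence.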

🔴 Vulnerability Details (4)

OSV: Richfaces vulnerable to arbitrary code execution (2022-05-13)
GHSA: Richfaces vulnerable to arbitrary code execution (2022-05-13)
CVEList: CVE-2018-14667: The RichFaces Framework 3 (2018-11-06)
VulnCheck: Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability (2018)

📋 Vendor Advisories (2)

CISA: Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability (2023-09-28)
Red Hat: RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution (2018-11-06)

💬 Community (1)

Bugzilla: CVE-2018-14667 RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution (2018-10-15)