CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Oct 19, 2023
High
CISA KEV
CVE-2018-14667
Red Hat—JBoss RichFaces Framework
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Required Action
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667; https://nvd.nist.gov/vuln/detail/CVE-2018-14667
Vulnerability Overview
- Severity: High
- CISA KEV: Yes
- Ransomware: Unknown
- Published: Sep 28, 2023
- KEV Added: Sep 28, 2023
- Due Date: Oct 19, 2023
Vendor
Red Hat
JBoss RichFaces Framework