CVE-2018-14667CISA KEV: Actively Exploited

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Published Sep 28, 2023·Updated Sep 28, 2023

Description

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Public Exploits & PoCs4 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free