All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2018-14667
NONEKEVpublish date unavailable
CVSS / 10
// description
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
// required action (CISA KEV)
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
added 2023-09-28 00:00 UTC