Lucene search
RedHatRHSA-2018:3518HistoryNov 06, 2018 - 6:52 p.m.
(RHSA-2018:3518) Critical: JBoss Enterprise Application Platform 5.2.0 security update
2018-11-0618:52:41
access.redhat.com
574
0.708 High
EPSS
Percentile
98.1%
Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.
This asynchronous patch is a security update for the RichFaces package in Red Hat JBoss Enterprise Application Platform 5.2.
Security Fix(es):
- RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution (CVE-2018-14667)
See https://access.redhat.com/solutions/3660371 for specific information regarding this flaw.
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Joao Filho Matos Figueiredo for reporting this issue.
Related
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:25:47
attackerkb
attackerkb
CVE-2018-14667
2018-11-06 00:00:00
zdt
zdt
Richfaces 3.x Remote Code Execution Vulnerability
2018-11-21 00:00:00
nessus
nessus
RHEL 5 / 6 : JBoss Enterprise Application Platform 5.2.0 (RHSA-2018:3517)
2018-11-14 00:00:00
prion
prion
Code injection
2018-11-06 22:29:00
redhat
redhat
(RHSA-2018:3581) Critical: Red Hat JBoss BRMS 5.3.1 security update
2018-11-13 09:39:00
(RHSA-2018:3519) Critical: Red Hat JBoss SOA Platform security update
2018-11-07 01:48:01
cvelist
cvelist
CVE-2018-14667
2018-11-06 22:00:00
osv
osv
Richfaces vulnerable to arbitrary code execution
2022-05-13 01:17:53
cve
cve
CVE-2018-14667
2018-11-06 22:29:00
redhatcve
redhatcve
CVE-2018-14667
2019-10-11 10:08:09
github
github
Richfaces vulnerable to arbitrary code execution
2022-05-13 01:17:53
nvd
nvd
CVE-2018-14667
2018-11-06 22:29:00
packetstorm
packetstorm
Richfaces 3.x Remote Code Execution
2018-11-20 00:00:00
cisa_kev
cisa_kev
