Red Hat RHSA-2018:3581
Nov 13, 2018 - 9:39 a.m.

(RHSA-2018:3581) Critical: Red Hat JBoss BRMS 5.3.1 security update

access.redhat.com

EPSS: 0.708 (High), percentile 98.1%

Red Hat JBoss BRMS is a business rules management system for the
management, storage, creation, modification, and deployment of JBoss Rules.

This asynchronous patch is a security update for the RichFaces package in standalone versions of Red Hat JBoss BRMS 5.3.1.

Security Fix(es):

  • RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution (CVE-2018-14667)

See https://access.redhat.com/solutions/3660371 for specific information regarding this flaw.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Joao Filho Matos Figueiredo for reporting this issue.