RichFaces is vulnerable to remote code execution through deserialization attacks. The ResourceBuilderImpl.java class in RichFaces does not restrict the classes which can be deserialized, allowing remote attackers to execute code.
jvn.jp/en/jp/JVN38787103/index.html
jvndb.jvn.jp/jvndb/JVNDB-2013-000072
packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html
rhn.redhat.com/errata/RHSA-2013-1041.html
rhn.redhat.com/errata/RHSA-2013-1042.html
rhn.redhat.com/errata/RHSA-2013-1043.html
rhn.redhat.com/errata/RHSA-2013-1044.html
rhn.redhat.com/errata/RHSA-2013-1045.html
seclists.org/fulldisclosure/2020/Mar/21
access.redhat.com/errata/RHSA-2013:1041
access.redhat.com/errata/RHSA-2013:1042
access.redhat.com/errata/RHSA-2013:1043
access.redhat.com/errata/RHSA-2013:1044
access.redhat.com/errata/RHSA-2013:1045
access.redhat.com/security/cve/CVE-2013-2165
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=973570