richfaces is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as the RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
www.securitytracker.com/id/1042037
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/5/
access.redhat.com/errata/RHSA-2018:3517
access.redhat.com/errata/RHSA-2018:3518
access.redhat.com/errata/RHSA-2018:3519
access.redhat.com/errata/RHSA-2018:3581
access.redhat.com/security/updates/classification/#critical
access.redhat.com/solutions/3660371
bugzilla.redhat.com/show_bug.cgi?id=1640767
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667