EPSS
Percentile
99.8%
primefaces is vulnerable to remote code execution (RCE). It uses weak encryption on the PrimeSecret and PrimeOracle which allows expression language injection and remote code execution.
PrimeSecret
PrimeOracle
blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
cryptosense.com/weak-encryption-flaw-in-primefaces/
github.com/primefaces/primefaces/issues/1152