Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2018-12532
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-18 Jun, 2018 | 12:29
Updated At-24 Aug, 2020 | 17:37

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Red Hat, Inc.
redhat
>>richfaces>>Versions from 4.5.3(inclusive) to 4.5.17(inclusive)
cpe:2.3:a:redhat:richfaces:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-917Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2020/Mar/21cve@mitre.org
N/A
http://www.securityfocus.com/bid/104503cve@mitre.org
Third Party Advisory
VDB Entry
https://codewhitesec.blogspot.com/2018/05/poor-richfaces.htmlcve@mitre.org
Exploit
Third Party Advisory
Change History
0Changes found
Details not found