Richfaces Red Hat Richfaces

Do you want an email whenever new security vulnerabilities are reported in Red Hat Richfaces?

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Richfaces . Richfaces did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 3 9.80

It may take a day or so for new Richfaces vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Richfaces Security Vulnerabilities

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource

CVE-2018-14667 9.8 - Critical - November 06, 2018

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Code Injection

JBoss RichFaces 4.5.3 through 4.5.17

CVE-2018-12532 9.8 - Critical - June 18, 2018

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

EL Injection

JBoss RichFaces 3.1.0 through 3.3.4

CVE-2018-12533 9.8 - Critical - June 18, 2018

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

EL Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Richfaces or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe