What is CVE-2018-14667?

CVE-2018-14667 is a critical-severity vulnerability in [Unknown] Richfaces, classified under Code Injection. CVSS score: 9.8/10. Published 2018-11-06.

How severe is CVE-2018-14667?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2018-14667 known to be exploited?

Yes. CVE-2018-14667 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-09-28), indicating it is being actively exploited. 22 public proof-of-concept repositories are indexed.

RCE in [Unknown] Richfaces

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized o…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.895 (99.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

[Unknown] Richfaces — versions affected 3.X through 3.3.4

Weakness classification (CWE)

CWE-94 — Code Injection

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2023-09-28. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2023-10-19.

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public proof-of-concept exploits

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_CONFIRM)
RHSA-2018:3519 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:3581 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:3518 (x_refsource_REDHAT, vendor-advisory)
RHSA-2018:3517 (x_refsource_REDHAT, vendor-advisory)
1042037 (vdb-entry, x_refsource_SECTRACK)
packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit… (x_refsource_MISC)
20200313 RichFaces exploitation toolkit (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2018-14667?: CVE-2018-14667 is a critical-severity vulnerability in [Unknown] Richfaces, classified under Code Injection. CVSS score: 9.8/10. Published 2018-11-06.
How severe is CVE-2018-14667?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2018-14667 known to be exploited?: Yes. CVE-2018-14667 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-09-28), indicating it is being actively exploited. 22 public proof-of-concept repositories are indexed.