KEVIntel
CVSS 9.8 (Critical)

CVE-2018-14667

PUBLISHED

Exploited in the wild · Remote · Low complexity · No user interaction
Vendor: [UNKNOWN]
Product: RichFaces
Published: Nov 06, 2018
EPSS: (no score shown)

Description

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
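The first practical question this advisory raises is whether any deployment still ships a RichFaces 3.x artifact in the affected range ("3.X through 3.3.4"). The script below is an added example, not KEVIntel page content and not RichFaces project code. It assumes the common richfaces-{api,impl,ui}-<version>.jar naming, falls back to the Implementation-Version attribute in META-INF/MANIFEST.MF, and treats the org/ajax4jsf/resource/UserResource.class entry (the class named in the description) as a marker for renamed JARs; all three are assumptions about packaging, not facts from the page. The sample JARs are constructed in a temporary directory so the script runs offline.

```python
"""Inventory check for CVE-2018-14667 (added example, not KEVIntel or RichFaces code).

Flags RichFaces artifacts whose version is in the advisory's affected range,
3.X through 3.3.4. Assumptions (adjust for your build): JAR names follow
richfaces-{api,impl,ui}-<version>.jar, or the manifest carries
Implementation-Version; a renamed JAR is recognised by the UserResource
class named in the advisory. Sample JARs are constructed, not real builds.
"""
import os
import re
import tempfile
import zipfile

AFFECTED_MAX = (3, 3, 4)  # advisory: RichFaces 3.X through 3.3.4
JAR_NAME = re.compile(r"^richfaces-(?:api|impl|ui)-(\d[\w.\-]*)\.jar$", re.I)
MARKER_CLASS = "org/ajax4jsf/resource/UserResource.class"  # assumed marker for 3.x


def parse_version(text):
    """Leading numeric components as a tuple: '3.3.3.Final' -> (3, 3, 3)."""
    parts = []
    for piece in re.split(r"[.\-]", text):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def is_affected(version):
    """True for any 3.x version up to and including 3.3.4 (qualifiers ignored)."""
    v = parse_version(version)
    return len(v) >= 1 and v[0] == 3 and v[:3] <= AFFECTED_MAX


def richfaces_version(path):
    """Version string for a RichFaces JAR, or None if the file is not one."""
    m = JAR_NAME.match(os.path.basename(path))
    if m:
        return m.group(1)
    try:
        with zipfile.ZipFile(path) as zf:
            if MARKER_CLASS not in zf.namelist():
                return None  # renamed JAR without the marker class: not RichFaces 3.x
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    for line in manifest.splitlines():
        if line.lower().startswith("implementation-version:"):
            return line.split(":", 1)[1].strip()
    return None


def scan(root):
    """Walk root (exploded WARs, lib dirs) and report every RichFaces JAR found."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            version = richfaces_version(path)
            if version is not None:
                findings.append({"name": name, "path": os.path.relpath(path, root),
                                 "version": version, "affected": is_affected(version)})
    return findings


def _write_jar(path, manifest_version=None, with_marker=False):
    """Constructed sample JAR: a zip with a manifest and/or the marker entry."""
    with zipfile.ZipFile(path, "w") as zf:
        if manifest_version:
            zf.writestr("META-INF/MANIFEST.MF",
                        "Manifest-Version: 1.0\r\nImplementation-Version: %s\r\n" % manifest_version)
        if with_marker:
            zf.writestr(MARKER_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not bytecode


def build_sample_tree():
    """Constructed deployment tree covering the cases the scanner must tell apart."""
    root = tempfile.mkdtemp(prefix="cve-2018-14667-")
    lib = os.path.join(root, "app.war", "WEB-INF", "lib")
    os.makedirs(lib)
    _write_jar(os.path.join(lib, "richfaces-impl-3.3.3.Final.jar"), "3.3.3.Final", True)
    _write_jar(os.path.join(lib, "richfaces-ui-3.3.4.GA.jar"), "3.3.4.GA")
    _write_jar(os.path.join(lib, "vendor-bundle.jar"), "3.3.2.SR1", True)  # renamed 3.x
    # marker present only to exercise the major-version check; 4.x is outside this advisory
    _write_jar(os.path.join(lib, "richfaces-core-impl-4.5.17.Final.jar"), "4.5.17.Final", True)
    _write_jar(os.path.join(lib, "commons-io-2.4.jar"), "2.4")  # unrelated library
    return root


if __name__ == "__main__":
    for f in scan(build_sample_tree()):
        print("%-8s %-13s %s" % ("AFFECTED" if f["affected"] else "ok", f["version"], f["path"]))
```

Point `scan()` at an application server's deploy directory (exploded WARs and EARs, shared lib folders). Because the version check ignores qualifiers such as Final, GA or SR1, any 3.x artifact up to 3.3.4 is reported; since the advisory names 3.3.4 as the last affected release, a hit means the only remediation is removing or replacing the component.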

Tags: java, cisa, nessus_scanner

CVSS scores

CVSS v3.0 9.8 Critical

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-09-28 00:00:00 UTC (source: CISA, added Sep 28, 2023)

SSVC decision points

Exploitation: active
Automatable: yes
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source: CISA · Added: Sep 28, 2023

Scanner integrations

Scanner: Nessus · Reference: https://www.tenable.com/plugins/nessus/118943 · Detected: Jun 02, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

Venscor/CVE-2018-14667-poc

github · Created 2019-09-23 07:45:01 UTC · 8 stars

CVE-2018-14667-poc: RichFaces vulnerable environment and PoC

syriusbughunt/CVE-2018-14667

github · Created 2018-11-30 04:06:08 UTC · 50 stars

All about CVE-2018-14667; From what it is to how to successfully exploit it.

r00t4dm/CVE-2018-14667

github · Created 2018-11-28 07:35:28 UTC · 1 star

about CVE-2018-14667 from RichFaces Framework 3.3.4

zeroto01/CVE-2018-14667

github · Created 2018-11-23 06:44:49 UTC · 2 stars

Timeline

  • CVE ID Reserved

  • CVE Published to Public (Nov 06, 2018)

  • Added to KEVIntel (exploitation recorded 2023-09-28)

  • Detected by Nessus (Jun 02, 2025)