Vulnerabilities > Redhat > Richfaces
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-06 | CVE-2018-14667 | Code Injection vulnerability in Redhat Enterprise Linux and Richfaces The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. | 9.8 |
| 2018-06-18 | CVE-2018-12533 | Expression Language Injection vulnerability in Redhat Richfaces JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. | 9.8 |
| 2018-06-18 | CVE-2018-12532 | Expression Language Injection vulnerability in Redhat Richfaces JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. | 9.8 |