Vulnerabilities > Redhat > Richfaces > 3.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-06 | CVE-2018-14667 | Code Injection vulnerability in Redhat Enterprise Linux and Richfaces The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. | 9.8 |
| 2018-06-18 | CVE-2018-12533 | Expression Language Injection vulnerability in Redhat Richfaces JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. | 9.8 |