December 10, 2023

The US CISA has added the critical flaw CVE-2018-14667 with a CVSS score of 9.8 affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog.

The issue is an Expression Language (EL) injection via the UserResource resource. It affects RichFaces Framework 3.X through 3.3.4. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Advertisements

The vulnerability was discovered by the security researcher Joao Filho Matos Figueiredo.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by October 19, 2023.

Tags:

2 thoughts on “CISA KEV Update Part III – September 2023

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d