CVE-2018-14667

Name: CVE-2018-14667
Creator: NVD / NIST
Published: 2018-11-06T22:29:00.193+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10Actively ExploitedEPSS 74.17%

Last modified Jun 17, 2026

CVE-2018-14667 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.. CISA has confirmed active exploitation in the wild. EPSS estimates a 74.17% chance of exploitation in the next 30 days.

Description

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

74.17%

99.4th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Oct 19, 2023.

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Redhat	Richfaces	>= 3.1.0, <= 3.3.4
Redhat	Enterprise Linux	5.0
Redhat	Enterprise Linux	6.0

References

http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.htmlThird Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2020/Mar/21Mailing List, Third Party Advisory
http://www.securitytracker.com/id/1042037Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:3517Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3518Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3519Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3581Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667Issue Tracking, Vendor Advisory
http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.htmlThird Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2020/Mar/21Mailing List, Third Party Advisory
http://www.securitytracker.com/id/1042037Third Party Advisory, VDB Entry
https://access.redhat.com/errata/RHSA-2018:3517Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3518Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3519Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3581Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667Issue Tracking, Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-14667US Government Resource

Timeline

Published: Nov 6, 2018
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2018-14667?

How severe is CVE-2018-14667?

CVE-2018-14667 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 74.17% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2018-14667?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-14667?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST