Vulnerability Details CVE-2018-12532
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.036
EPSS Ranking 87.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-12532
-
cpe:2.3:a:redhat:richfaces:4.5.10
-
cpe:2.3:a:redhat:richfaces:4.5.11
-
cpe:2.3:a:redhat:richfaces:4.5.12
-
cpe:2.3:a:redhat:richfaces:4.5.13
-
cpe:2.3:a:redhat:richfaces:4.5.14
-
cpe:2.3:a:redhat:richfaces:4.5.15
-
cpe:2.3:a:redhat:richfaces:4.5.16
-
cpe:2.3:a:redhat:richfaces:4.5.17
-
cpe:2.3:a:redhat:richfaces:4.5.3
-
cpe:2.3:a:redhat:richfaces:4.5.4
-
cpe:2.3:a:redhat:richfaces:4.5.5
-
cpe:2.3:a:redhat:richfaces:4.5.6
-
cpe:2.3:a:redhat:richfaces:4.5.7
-
cpe:2.3:a:redhat:richfaces:4.5.8
-
cpe:2.3:a:redhat:richfaces:4.5.9