Redhat: >> Richfaces >> 4.5.4 Security Vulnerabilities
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
CVSS Score
9.8
EPSS Score
0.035
Published
2018-06-18
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
CVSS Score
6.8
EPSS Score
0.028
Published
2015-03-26