CVE-2018-14667CISA KEVEPSS p99.4%

CVE-2018-14667Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Red Hat / JBoss RichFaces Framework

Description

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Scoring

EPSS74.17% probability of exploitation · percentile 99.4% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2023-09-28

(incoming)1

TypeTargetConfidenceTier
KEVEntryRed Hat JBoss RichFaces Framework Expression Language Injection Vulnerabilitykev-cve-2018-146670%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Red Hat JBoss Application Server Remote Code Execution Vulnerability
CVE
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
CVE
Apache Struts Remote Code Execution Vulnerability
CVE
CVE-2026-41883
CVE
Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
CVE
Apache Tomcat Remote Code Execution Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.