CVE-2018-12532

CRITICAL Year: 2018
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-917
View all →

Vulnerability Description

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

Related Vulnerabilities

CVE-2018-12533

CRITICAL
CVSS:9.8(Critical)

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org....

CWE-9172018

CVE-2019-11949

CRITICAL
CVSS:9.8(Critical)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-5352

CRITICAL
CVSS:9.8(Critical)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-5358

CRITICAL
CVSS:9.8(Critical)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-5387

CRITICAL
CVSS:9.8(Critical)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-5916

CRITICAL
CVSS:9.8(Critical)

Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2....

CWE-9172019