The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Acknowledgments: Name: Joao Filho Matos Figueiredo
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2018:3518 https://access.redhat.com/errata/RHSA-2018:3518
This issue has been addressed in the following products:
* Red Hat JBoss Enterprise Application Platform 5 for RHEL 5
* Red Hat JBoss Enterprise Application Platform 5 for RHEL 6
Via RHSA-2018:3517 https://access.redhat.com/errata/RHSA-2018:3517
JON not affected.
This issue has been addressed in the following products: Red Hat JBoss SOA Platform Via RHSA-2018:3519 https://access.redhat.com/errata/RHSA-2018:3519
This issue has been addressed in the following products: Red Hat Decision Manager Via RHSA-2018:3581 https://access.redhat.com/errata/RHSA-2018:3581
This vulnerability is out of security support scope for the following products:
* JBoss Developer Studio 11
Please refer to https://access.redhat.com/node/4027141 for more details.