CVE-2018-12533

Name of the Vulnerable Software and Affected Versions JBoss RichFaces versions 3.1.0 through 3.3.4

Description The issue allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object. This is related to errors in code generation management. Exploitation of the issue may allow a remote attacker to execute arbitrary Java code with the privileges of the target service.

Recommendations For JBoss RichFaces versions 3.1.0 through 3.3.4, consider restricting access to the org.richfaces.renderkit.html.Paint2DResource$ImageData object to minimize the risk of exploitation. As a temporary workaround, avoid using paths with the /DATA/ substring until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.