{"vulnerability": "CVE-2018-14667", "sightings": [{"uuid": "e8b739c6-f3b7-4bba-a8d7-99d1e5df2591", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-14667", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-09-28T18:10:02.000000Z"}, {"uuid": "fd060b1a-87e2-4d61-a48e-81476b8fe143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-14667", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971892", "content": "", "creation_timestamp": "2024-12-24T20:35:19.675096Z"}, {"uuid": "978e76f1-be5a-4f35-ba6c-b280dd733ef5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-14667", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:01.000000Z"}, {"uuid": "bfcc971b-420b-4efa-86d9-08272daa19cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-14667", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:47.000000Z"}, {"uuid": "e3b2f3e4-0bd0-4c96-9cd1-b5ab2d8e6ff4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2018-14667", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f21bce52-5915-454e-a7a1-3beccf32d861", "content": "", "creation_timestamp": "2026-02-02T12:26:49.684030Z"}, {"uuid": "ce4e3340-9f10-4bdc-8e07-cc47cd4e6192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-14667", "type": "seen", "source": "https://t.me/arpsyndicate/1126", "content": "#ExploitObserverAlert\n\nCVE-2018-14667\n\nDESCRIPTION: Exploit Observer has 23 entries related to CVE-2018-14667. The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.\n\nFIRST-EPSS: 0.820930000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-04T05:40:43.000000Z"}, {"uuid": "cb4ca5e0-7b6b-44ff-a956-91e63086c8fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-14667", "type": "exploited", "source": "https://t.me/information_security_channel/50740", "content": "CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks\nhttps://www.securityweek.com/cisa-warns-of-old-jboss-richfaces-vulnerability-being-exploited-in-attacks/\n\nCISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw to its known exploited vulnerabilities catalog.\nThe post CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks (https://www.securityweek.com/cisa-warns-of-old-jboss-richfaces-vulnerability-being-exploited-in-attacks/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2023-09-29T16:08:50.000000Z"}]}