CVE-2018-14667 is a Red Hat JBoss RichFaces Framework expression language injection vulnerability that CISA has placed in the Known Exploited Vulnerabilities catalog. For defenders, the key takeaway is that this issue is considered actively exploited and should be treated as urgent remediation work, especially where RichFaces is still deployed in production or exposed to untrusted input.
CVE-2021-3560 is a Red Hat Polkit incorrect authorization vulnerability that CISA lists in its Known Exploited Vulnerabilities catalog. Because it is marked as known exploited, organizations should treat remediation as urgent and follow vendor update guidance as soon as possible.
CVE-2010-1428 is a Red Hat JBoss information disclosure vulnerability that CISA has included in its Known Exploited Vulnerabilities catalog. In the KEV record, CISA marked the issue as known exploited, noted known ransomware campaign use, and set a remediation due date of 2022-06-15. Because this is a KEV-listed vulnerability, defenders should treat it as a high-priority patch and exposure review [truncated]
CVE-2010-0738 is a Red Hat JBoss authentication bypass vulnerability that CISA has listed in its Known Exploited Vulnerabilities catalog. The KEV entry marks the issue as known to be exploited and notes known ransomware campaign use. The defensive action provided is to apply updates per vendor instructions.
CVE-2017-12149 is a Red Hat JBoss Application Server remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog. The KEV entry indicates known ransomware campaign use and directs defenders to apply updates per vendor instructions. Because it is in KEV, this issue should be treated as actively exploited and prioritized for remediation.
CVE-2010-1871 is identified in CISA’s Known Exploited Vulnerabilities catalog for Red Hat JBoss Seam 2 and is labeled as a remote code execution vulnerability. Because CISA added it to KEV, defenders should treat it as actively exploited or at least operationally significant and prioritize remediation using vendor guidance.