1. Home
  2. Vulnerabilities
  3. CVE-2017-1000486

CVE-2017-1000486

CVSS v3.0 9.8 (Critical)
98% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 97.01 % (100th)
97.01% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution

Weaknesses
CWE-326
Inadequate Encryption Strength
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-01-03 20:29:00
(6 years ago)
Updated Date
2018-01-24 14:05:05
(6 years ago)
Primetek Primefaces Remote Code Execution Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution
Required Action
Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
Vendor
Primetek
Product
Primefaces Application
In CISA Catalog from
2022-01-10
(2 years ago)
Due Date
2022-07-10
(2 years ago)

Affected Products

Primetek

Configuration #1

    CPE23 From Up To
  Primetek Primefaces from 4.0 version and 4.0.24 and prior versions cpe:2.3:a:primetek:primefaces >= 4.0 <= 4.0.24
  Primetek Primefaces from 5.0 version and prior 5.2.21 version cpe:2.3:a:primetek:primefaces >= 5.0 < 5.2.21
  Primetek Primefaces from 5.3 version and prior 5.3.8 version cpe:2.3:a:primetek:primefaces >= 5.3 < 5.3.8