VIR Vulnerability Intelligence Relay

CVE-2017-1000486

unknown KEV
Published 2021-06-03 · Modified 2022-01-10
CVSS v3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
VIR risk
1.5

Description

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

CISA KEV

Vendor
Primetek
Product
Primefaces Application
Due date
2022-07-10

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2017-1000486

Exploits

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.primefaces:primefaces>=5.0,<6.06.0

References

Verify integrity in audit chain (admin only). AS-IS.