vulnerability
Primetek Primefaces: CVE-2017-1000486: Remote Code Execution
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Jan 3, 2018 | Jul 22, 2025 | Jul 22, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Jan 3, 2018
Added
Jul 22, 2025
Modified
Jul 22, 2025
Description
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
Solution
primetek-primefaces-upgrade-latest
References
- CVE-2017-100048
- https://attackerkb.com/topics/CVE-2017-100048
- https://github.com/mogwailabs/CVE-2017-1000486
- https://github.com/pimps/CVE-2017-1000486
- https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000486
- https://cryptosense.com/weak-encryption-flaw-in-primefaces/
- CWE-326
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.