{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T08:08:19.813","vulnerabilities":[{"cve":{"id":"CVE-2011-4343","sourceIdentifier":"secalert@redhat.com","published":"2017-08-08T21:29:00.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters."},{"lang":"es","value":"Una vulnerabilidad de revelación de información en Apache MyFaces Core en sus versiones 2.0.1 a2.0.10 y 2.1.0 a 2.1.4 permite que atacantes remotos inyecten expresiones EL mediante parámetros manipulados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"D2553740-5152-4786-85D7-9BD0433E808F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"D42FAD0C-903D-4021-9923-531A5B214A69"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"5143735D-2AAF-43BC-9B32-7ADFF18E32BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"C51E1E3E-DAFC-4524-8E38-1A58DDA80FCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"02AECFF6-62FC-4D1E-AB54-A8FA11CE7887"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"146E19F7-86A5-44A3-9AAA-86A507270523"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"2135F657-49C7-41BE-89C0-3496A92B4E37"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"BB544DC3-399C-4ACD-ABAE-F73415BBFDBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.9:*:*:*:*:*:*:*","matchCriteriaId":"998CCCC7-6A28-4510-A19F-DCEFC5F2F66D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.0.10:*:*:*:*:*:*:*","matchCriteriaId":"39BBDA9C-5778-4AC9-9FD3-0D7F90686422"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"885E4270-F460-46A6-9FDE-54E4E5AC1457"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"66C1133D-7C27-4BD6-B7A1-480D79841ED7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7F95A59D-2FFB-4A2D-BA53-62C7B59444B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2E875F02-7B72-41F4-B800-FCC73734C327"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:myfaces:2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"B6324BA3-01FD-4BE0-95AF-6CCFBA594A43"}]}]}],"references":[{"url":"http://marc.info/?l=full-disclosure&m=132313252814362","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1039695","source":"secalert@redhat.com"},{"url":"https://issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patch","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://marc.info/?l=full-disclosure&m=132313252814362","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1039695","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://issues.apache.org/jira/secure/attachment/12504807/MYFACES-3405-1.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}