{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T17:18:01.915","vulnerabilities":[{"cve":{"id":"CVE-2013-4521","sourceIdentifier":"secalert@redhat.com","published":"2020-02-06T16:15:11.087","lastModified":"2026-06-16T23:57:22.963","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-2165."},{"lang":"es","value":"La implementación de RichFaces en Nuxeo Platform versión 5.6.0 anterior a HF27 y versión 5.8.0 anterior a HF-01, no restringe las clases para las que los métodos de deserialización pueden ser llamados, lo que permite a atacantes remotos ejecutar código arbitrario por medio de datos serializados diseñados. NOTA: esta vulnerabilidad puede solaparse con CVE-2013-2165."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Nuxeo","product":"Nuxeo Platform","versions":[{"version":"5.6.0 before HF27","status":"affected"},{"version":"5.8.0 before HF-01","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:-:*:*:*:*:*:*","matchCriteriaId":"42899695-FAB5-4F81-86BE-89E3089CBB36"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix01:*:*:*:*:*:*","matchCriteriaId":"43160374-78C9-41E4-9884-C78ECD42B6AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix02:*:*:*:*:*:*","matchCriteriaId":"03A3A542-E589-441A-8A8D-B997C9E028F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix03:*:*:*:*:*:*","matchCriteriaId":"E4D3B6C0-EEA6-4BAE-9992-8C439204D03D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix04:*:*:*:*:*:*","matchCriteriaId":"2DB7EFE4-DC2D-4DA9-B194-848E2DE3A16C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix05:*:*:*:*:*:*","matchCriteriaId":"C4AD54AC-9115-4782-8CA1-F278C79A3C66"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix06:*:*:*:*:*:*","matchCriteriaId":"DA1D0325-34F3-436D-A527-BFDC884E3C8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix07:*:*:*:*:*:*","matchCriteriaId":"C6C63873-5E2A-4FFD-9681-F2D6BE281237"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix08:*:*:*:*:*:*","matchCriteriaId":"BBB4C6A4-E296-4697-BBAE-A862DFAF6665"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix09:*:*:*:*:*:*","matchCriteriaId":"71877702-48D7-4EE8-9A7C-C9CEDD63C4A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix10:*:*:*:*:*:*","matchCriteriaId":"DCAFE86A-E0A6-44CF-8692-BE75EDDF3700"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix11:*:*:*:*:*:*","matchCriteriaId":"74CA7501-3BC6-4227-A865-5D7B378D590A"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix12:*:*:*:*:*:*","matchCriteriaId":"726CB6C8-73BF-46D7-806E-731325D70A95"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix13:*:*:*:*:*:*","matchCriteriaId":"DF2D5F08-5993-4900-A543-9ADE64E16755"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix14:*:*:*:*:*:*","matchCriteriaId":"2B8F70D1-ED38-4689-8DA9-110972170438"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix15:*:*:*:*:*:*","matchCriteriaId":"B86C501E-D555-4CAF-AC09-40A35855C218"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix16:*:*:*:*:*:*","matchCriteriaId":"F6978E83-F831-4EB9-B3EF-A05FF733E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix17:*:*:*:*:*:*","matchCriteriaId":"22F818F2-EBFE-48BB-AE44-1F865EE1AC51"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix18:*:*:*:*:*:*","matchCriteriaId":"D5C523C0-E03D-4E97-AAD8-86E387D95296"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix19:*:*:*:*:*:*","matchCriteriaId":"1315D200-164D-4FB6-A46F-6F70AD7C8234"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix20:*:*:*:*:*:*","matchCriteriaId":"2B83B5A9-42B7-4B1C-9B58-0298B69B5568"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix21:*:*:*:*:*:*","matchCriteriaId":"07030217-791D-4EE2-AD44-B0147B88CCA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix22:*:*:*:*:*:*","matchCriteriaId":"9CCEFC5B-EF57-4FBC-AC4C-CBA29103A8AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix23:*:*:*:*:*:*","matchCriteriaId":"6E14078D-A0B5-4FC5-B713-A06FE53B38AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix24:*:*:*:*:*:*","matchCriteriaId":"C4BE4C3E-FC4C-4A78-A9C1-0FB4D597CA4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix25:*:*:*:*:*:*","matchCriteriaId":"FE2ED381-5DF4-4905-9564-7C897F7DD3A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.6.0:hotfix26:*:*:*:*:*:*","matchCriteriaId":"8281BE24-66D7-4F72-B656-6795F6A50AB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:nuxeo:nuxeo:5.8.0:-:*:*:*:*:*:*","matchCriteriaId":"AE2E0C2C-0CE4-45F6-A2A4-85D4F21792FF"}]}]}],"references":[{"url":"http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes","source":"secalert@redhat.com","tags":["Broken Link","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1027052","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"http://doc.nuxeo.com/display/public/ADMINDOC58/Nuxeo+Security+Hotfixes","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1027052","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/nuxeo/richfaces/commit/6cbad2a6dcb70d3e33a6ce5879b1a3ad79eb1aec","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}