Primetek PrimeFaces 5.x uses weak encryption for ViewState parameters, allowing unauthenticated remote code execution through crafted serialized Java objects sent via the ViewState mechanism.
NVD
GitHub
Exploit-DB
CVSS 3.1
9.8
EPSS
93.7%
Threat
9.8