Primetek Primefaces Weak Encryption Remote Code Execution (CVE-2017-1000486)

Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password.

You can read the full article here.