CVE-2022-25371 - Unspecified vulnerability in Apache Ofbiz
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
References
- http://www.openwall.com/lists/oss-security/2022/09/02/7
- http://www.openwall.com/lists/oss-security/2022/09/03/1
- http://www.openwall.com/lists/oss-security/2022/09/08/2
- https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq