CVE-2013-2250

Опубликовано: 15 авг. 2013

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html
Broken Link
http://ofbiz.apache.org/download.html#vulnerabilities
Patch
Vendor Advisory
http://osvdb.org/95522
Broken Link
http://secunia.com/advisories/53910
Third Party Advisory
http://www.securityfocus.com/bid/61369
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/85875
Third Party Advisory
VDB Entry
http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html
Broken Link
http://ofbiz.apache.org/download.html#vulnerabilities
Patch
Vendor Advisory
http://osvdb.org/95522
Broken Link
http://secunia.com/advisories/53910
Third Party Advisory
http://www.securityfocus.com/bid/61369
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/85875
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:ofbiz:10.04.01:*:*:*:*:*:*:*

cpe:2.3:a:apache:ofbiz:10.04.02:*:*:*:*:*:*:*

cpe:2.3:a:apache:ofbiz:10.04.03:*:*:*:*:*:*:*

cpe:2.3:a:apache:ofbiz:10.04.04:*:*:*:*:*:*:*

cpe:2.3:a:apache:ofbiz:10.04.05:*:*:*:*:*:*:*

cpe:2.3:a:apache:ofbiz:11.04.01:*:*:*:*:*:*:*

cpe:2.3:a:apache:ofbiz:11.04.02:*:*:*:*:*:*:*

cpe:2.3:a:apache:ofbiz:12.04.01:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.12628

Средний

10 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-4xmq-9x3w-xpvr

github

больше 3 лет назад