CVE-2022-47501

Опубликовано: 14 апр. 2023

Источник: nvd

CVSS3: 7.5

EPSS Высокий

Описание

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.

Ссылки

http://www.openwall.com/lists/oss-security/2023/04/18/5
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/04/18/9
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/04/19/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/04/19/6
Mailing List
Third Party Advisory
https://lists.apache.org/thread/k8s76l0whydy45bfm4b69vq0mf94p3wc
Vendor Advisory
https://ofbiz.apache.org/download.html
Vendor Advisory
https://ofbiz.apache.org/security.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/04/18/5
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/04/18/9
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/04/19/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/04/19/6
Mailing List
Third Party Advisory
https://lists.apache.org/thread/k8s76l0whydy45bfm4b69vq0mf94p3wc
Vendor Advisory
https://ofbiz.apache.org/download.html
Vendor Advisory
https://ofbiz.apache.org/security.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

Версия до 18.12.07 (исключая)

EPSS

Процентиль: 99%

0.8349

Высокий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-mxw6-c2fh-2h9w