Vulnerability Description
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | OFBiz | < 18.12.06 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/09/02/7 (Mailing List, Patch, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/09/03/1 (Mailing List, Patch, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/09/08/2 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq (Mailing List, Patch, Vendor Advisory)
FAQ
What is CVE-2022-25371?
CVE-2022-25371 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?i...
How severe is CVE-2022-25371?
CVE-2022-25371 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-25371?
Check the references section above for vendor advisories and patch information. Affected products include: Apache OFBiz.