CVE-2013-2250Improper Input Validation in Apache Ofbiz

CWE-20Improper Input Validation4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
5.9%
top 9.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Ofbiz
Timeline
PublishedAug 15
Latest updateMay 14

Description

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDapache/ofbiz8 versions+7

Patches

Patch: ofbiz.apache.orgPatch: ofbiz.apache.org

🔴Vulnerability Details

2
GHSA
GHSA-4xmq-9x3w-xpvr: Apache Open For Business Project (aka OFBiz) 102022-05-14
CVEList
CVE-2013-2250: Apache Open For Business Project (aka OFBiz) 102013-08-15

📋Vendor Advisories

1
Apache
Apache ofbiz: CVE-2013-2250
CVE-2013-2250 — Improper Input Validation in Apache | cvebase