Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-47501

CWE-22Path Traversal10 documents7 sources
Severity
7.5HIGH
EPSS
86.3%
top 0.59%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apache Software Foundation Apache OfbizApache Ofbiz
Timeline
PublishedApr 14
Latest updateJan 6

Description

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5apache_software_foundation/apache_ofbiz18.12.0618.12.07
NVDapache/ofbiz< 18.12.07

🔴Vulnerability Details

7
OSV
linux-raspi-5.4 vulnerabilities2025-01-06
OSV
linux-iot vulnerabilities2024-12-20
OSV
linux-aws, linux-aws-5.4 vulnerabilities2024-12-17
OSV
linux-bluefield, linux-oracle, linux-oracle-5.4 vulnerabilities2024-12-17
GHSA
GHSA-mxw6-c2fh-2h9w: Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin2023-07-06

💥Exploits & PoCs

1
Nuclei
Apache OFBiz < 18.12.07 - Local File Inclusion

📋Vendor Advisories

1
Apache
Apache ofbiz: CVE-2022-47501
CVE-2022-47501 (HIGH CVSS 7.5) | Arbitrary file reading vulnerabilit | cvebase.io