PT-2013-3380 · Apache · Apache OpenJPA

Published 2013-07-11 · Updated 2022-05-14 · CVE-2013-1768

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Apache OpenJPA versions 1.x through 1.2.2
Apache OpenJPA versions 2.x through 2.2.1

Description

The issue allows remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs that deserialize it. This is possible because the BrokerFactory functionality in Apache OpenJPA creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects.

Recommendations

For Apache OpenJPA versions 1.x through 1.2.2, update to version 1.2.3 or later. For Apache OpenJPA versions 2.x through 2.2.1, update to version 2.2.2 or later.
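The weakness behind this record is deserialization of untrusted data: a server that calls ObjectInputStream.readObject() on attacker-controlled bytes lets the attacker choose which classes get instantiated, and any class whose deserialization logic has side effects (here, BrokerFactory writing JSP files) becomes reachable. Upgrading is the fix; as defense in depth, a server program can additionally refuse to resolve any class it does not expect. The following is an added example, not code from this record or from the Apache OpenJPA project, showing a JDK 9+ ObjectInputFilter allow-list. The OrderRequest class and the allowed-class names are hypothetical placeholders for whatever types an application legitimately exchanges.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Set;

public class FilteredDeserialization {

    // Hypothetical application type that the server legitimately expects to receive.
    public static final class OrderRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String sku;
        final int quantity;
        OrderRequest(String sku, int quantity) { this.sku = sku; this.quantity = quantity; }
    }

    // Allow-list (hypothetical): only these classes may be resolved during deserialization.
    // Everything else, including library classes with side-effecting readObject logic,
    // is rejected before its deserialization code runs.
    private static final Set<String> ALLOWED = Set.of(
        OrderRequest.class.getName(),
        "java.lang.String");

    private static final ObjectInputFilter ALLOW_LIST = info -> {
        Class<?> clazz = info.serialClass();
        if (clazz == null) {
            // The filter is also consulted for depth/reference/size limits with no class;
            // leave those decisions to the JDK defaults.
            return ObjectInputFilter.Status.UNDECIDED;
        }
        // Unwrap arrays so that e.g. OrderRequest[] is judged by its element type.
        Class<?> component = clazz;
        while (component.isArray()) component = component.getComponentType();
        return component.isPrimitive() || ALLOWED.contains(component.getName())
            ? ObjectInputFilter.Status.ALLOWED
            : ObjectInputFilter.Status.REJECTED;
    };

    // Deserialize with the allow-list applied to this stream only.
    public static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(ALLOW_LIST);
            return in.readObject();
        }
    }

    // Helper used only to build sample payloads for the demonstration below.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Expected payload (constructed sample): accepted.
        OrderRequest ok = (OrderRequest) readFiltered(serialize(new OrderRequest("SKU-1", 2)));
        System.out.println("accepted: " + ok.sku + " x" + ok.quantity);

        // Unexpected class (a plain HashMap stands in for any type the server does not expect):
        // the filter rejects it and readObject() throws before the class is instantiated.
        try {
            readFiltered(serialize(new java.util.HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A process-wide equivalent can be set with the jdk.serialFilter system property or ObjectInputFilter.Config.setSerialFilter(), which also covers deserialization performed inside third-party libraries. Rejected streams surface as InvalidClassException with a "filter status: REJECTED" message, which is worth alerting on, since a legitimate client never sends classes outside the allow-list.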

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2013-1768
GHSA-J65F-MVGW-PRP2
MGASA-2013-0292

Affected Products

Apache OpenJPA