CVE-2013-2250

Name of the Vulnerable Software and Affected Versions Apache Open For Business Project (aka OFBiz) versions 10.04.01 through 10.04.05 Apache Open For Business Project (aka OFBiz) versions 11.04.01 through 11.04.02 Apache Open For Business Project (aka OFBiz) version 12.04.01

Description The issue allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

Recommendations For versions 10.04.01 through 10.04.05, consider restricting the use of Unified Expression Language (UEL) functions to minimize the risk of exploitation. For versions 11.04.01 through 11.04.02, consider restricting the use of Unified Expression Language (UEL) functions to minimize the risk of exploitation. For version 12.04.01, consider restricting the use of Unified Expression Language (UEL) functions to minimize the risk of exploitation.