PT-2013-3624 · Apache · Apache Open For Business Project
Published
2013-08-15
·
Updated
2018-05-18
·
CVE-2013-2250
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apache Open For Business Project (aka OFBiz) versions 10.04.01 through 10.04.05
Apache Open For Business Project (aka OFBiz) versions 11.04.01 through 11.04.02
Apache Open For Business Project (aka OFBiz) version 12.04.01
Description
The issue allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.
Recommendations
For versions 10.04.01 through 10.04.05, consider restricting the use of Unified Expression Language (UEL) functions to minimize the risk of exploitation.
For versions 11.04.01 through 11.04.02, consider restricting the use of Unified Expression Language (UEL) functions to minimize the risk of exploitation.
For version 12.04.01, consider restricting the use of Unified Expression Language (UEL) functions to minimize the risk of exploitation.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Open For Business Project