PT-2022-19398 · Apache · Apache Ofbiz
Published 2022-09-02 · Updated 2022-09-08
CVE-2022-29063
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache OFBiz versions prior to 18.12.06
Description
By default, the Solr plugin of Apache OFBiz automatically makes an RMI request to localhost on port 1099. In affected versions, an attacker may exploit this behavior by hosting a malicious RMI server on localhost to run arbitrary code at server start-up or on a server restart.
Recommendations
For versions prior to 18.12.06, upgrade to at least version 18.12.06 to resolve the issue. Alternatively, apply the patches available at the specified location.
Fix
Weakness Enumeration
Deserialization of Untrusted Data
Related Identifiers
Affected Products
Apache Ofbiz