CVE-2013-2250
Severity: critical
CVSS v3: —
CVSS v2: 10.0
VIR risk: 10.0
Description
Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.
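The weakness is input validation (CWE-20): attacker-controlled parameter values reach the JUEL evaluator, so `${...}` and `#{...}` metacharacters in them are interpreted, and the advisory singles out nested expressions. Below is an added example, not OFBiz or JUEL project code, of a request-side check that scans query-string parameters for UEL expression syntax and distinguishes plain expressions from nested ones. The parameter names and values are constructed for illustration; CVE-2013-2250 does not identify the affected parameters.

```python
"""Scan HTTP query-string parameters for JUEL/UEL expression metacharacters.

Added example for triage and WAF-style screening; it is not OFBiz or JUEL
code. Parameter names and sample values below are constructed, because the
advisory does not name the affected parameters.
"""
from urllib.parse import parse_qsl

# UEL expressions open with ${ (immediate) or #{ (deferred).
OPENERS = ("${", "#{")


def find_expressions(value):
    """Return [(expression_text, depth), ...] for every expression in value.

    depth is 1 for a top-level expression and increases for an expression
    that opens while an enclosing expression is still unclosed. Quoted
    string literals inside an expression are skipped, since a '}' inside
    them does not terminate the expression. Unterminated expressions are
    reported too, so a truncated '${' is not silently ignored.
    """
    results = []
    stack = []  # start offsets of currently open expressions
    i = 0
    while i < len(value):
        if stack and value[i] in ("'", '"'):
            # Skip a string literal inside an open expression.
            end = value.find(value[i], i + 1)
            i = len(value) if end == -1 else end + 1
            continue
        if value.startswith(OPENERS, i):
            stack.append(i)
            i += 2
            continue
        if value[i] == "}" and stack:
            start = stack.pop()
            results.append((value[start:i + 1], len(stack) + 1))
        i += 1
    # Anything still open at end of input is unterminated; report it.
    for depth, start in enumerate(stack, 1):
        results.append((value[start:], depth))
    return results


def classify_params(query_string):
    """Map each parameter name to 'clean', 'expression' or 'nested'.

    parse_qsl percent-decodes values first, so %24%7B is seen as ${.
    """
    verdicts = {}
    for name, raw in parse_qsl(query_string, keep_blank_values=True):
        exprs = find_expressions(raw)
        if not exprs:
            verdicts[name] = "clean"
        elif any(depth > 1 for _, depth in exprs):
            verdicts[name] = "nested"
        else:
            verdicts[name] = "expression"
    return verdicts


def is_clean(query_string):
    """True only if no parameter carries any UEL expression syntax."""
    return all(v == "clean" for v in classify_params(query_string).values())


if __name__ == "__main__":
    # Constructed sample: one benign value, one percent-encoded expression,
    # one nested expression, one expression containing a quoted brace.
    sample = "productId=WG-1111&name=%24%7Bfoo%7D&q=${a${b}}&s=${'}'}"
    for param, verdict in classify_params(sample).items():
        print(f"{param}: {verdict}")
    print("request clean:", is_clean(sample))
```

Because values are percent-decoded before scanning, encoded metacharacters are caught as well as literal ones. This is a screening aid for logs and edge filters; it does not replace upgrading to a fixed OFBiz release, and a value flagged "expression" still needs a human decision about whether that parameter legitimately carries UEL.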
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory (CVE assigned via secalert@redhat.com): http://ofbiz.apache.org/download.html#vulnerabilities
References
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html
- http://ofbiz.apache.org/download.html#vulnerabilities
- http://osvdb.org/95522
- http://secunia.com/advisories/53910
- http://www.securityfocus.com/bid/61369
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85875
CWEs
CWE-20