Vulnerability Details : CVE-2022-25371
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
Vulnerability category: Directory traversal, Execute code
Products affected by CVE-2022-25371
- cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-25371
- 2.77%: probability of exploitation activity in the next 30 days
- ~91%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-25371
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2022-25371
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by:
  - nvd@nist.gov (Secondary)
  - security@apache.org (Primary)
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@apache.org (Secondary)
References for CVE-2022-25371
- http://www.openwall.com/lists/oss-security/2022/09/02/7
  oss-security - Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) (Mailing List; Patch; Third Party Advisory)
- https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq
  Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) - Apache Mail Archives (Mailing List; Patch; Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2022/09/03/1
  oss-security - Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) (Mailing List; Patch; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2022/09/08/2
  oss-security - Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371) (Mailing List; Third Party Advisory)