CyberSec.Space Logo
Back to CVE Browser

CVE-2013-2250

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0110%
EPSS Percentile9.71th
PublishedAug 15, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

Affected Platforms (CPE)

πŸ“¦
Apache

Ofbiz

= 10.04.01
πŸ“¦
Apache

Ofbiz

= 10.04.02
πŸ“¦
Apache

Ofbiz

= 10.04.03
πŸ“¦
Apache

Ofbiz

= 10.04.04
πŸ“¦
Apache

Ofbiz

= 10.04.05
πŸ“¦
Apache

Ofbiz

= 11.04.01
πŸ“¦
Apache

Ofbiz

= 11.04.02
πŸ“¦
Apache

Ofbiz

= 12.04.01

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html
πŸ”— http://ofbiz.apache.org/download.html#vulnerabilities
πŸ”— http://osvdb.org/95522
πŸ”— http://secunia.com/advisories/53910
πŸ”— http://www.securityfocus.com/bid/61369
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/85875
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html
πŸ”— http://ofbiz.apache.org/download.html#vulnerabilities

Related Vulnerabilities

CVE-2012-350610.0

Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attac...

CVE-2018-172009.8

The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtool...

CVE-2019-100749.8

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on ...

CVE-2019-01899.8

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/htt...