CVEブラウザに戻る

CVE-2013-2250

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0110%

EPSS Percentile9.71th

Published2013年8月15日

Last Modified2026年4月29日

Vulnerability Description

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

Affected Platforms (CPE)

📦

Apache

Ofbiz

= 10.04.01

📦

Apache

Ofbiz

= 10.04.02

📦

Apache

Ofbiz

= 10.04.03

📦

Apache

Ofbiz

= 10.04.04

📦

Apache

Ofbiz

= 10.04.05

📦

Apache

Ofbiz

= 11.04.01

📦

Apache

Ofbiz

= 11.04.02

📦

Apache

Ofbiz

= 12.04.01

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html

🔗 http://ofbiz.apache.org/download.html#vulnerabilities

🔗 http://osvdb.org/95522

🔗 http://secunia.com/advisories/53910

🔗 http://www.securityfocus.com/bid/61369

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/85875

🔗 http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html

🔗 http://ofbiz.apache.org/download.html#vulnerabilities

関連する脆弱性情報

CVE-2012-350610.0

Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attac...

CVE-2018-172009.8

The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtool...

CVE-2019-100749.8

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on ...

CVE-2019-01899.8

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/htt...