Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
Metrics
Affected Vendors & Products
References
History
Wed, 20 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-09-02T07:10:17
Updated: 2024-11-20T15:11:11.129Z
Reserved: 2022-02-20T00:00:00
Link: CVE-2022-25371
Vulnrichment
Updated: 2024-08-03T04:36:06.997Z
NVD
Status : Modified
Published: 2022-09-02T07:15:07.450
Modified: 2024-11-21T06:52:05.710
Link: CVE-2022-25371
Redhat
No data.