Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
History

Wed, 20 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-09-02T07:10:17

Updated: 2024-11-20T15:11:11.129Z

Reserved: 2022-02-20T00:00:00

Link: CVE-2022-25371

cve-icon Vulnrichment

Updated: 2024-08-03T04:36:06.997Z

cve-icon NVD

Status : Modified

Published: 2022-09-02T07:15:07.450

Modified: 2024-11-21T06:52:05.710

Link: CVE-2022-25371

cve-icon Redhat

No data.