CVE-2013-2250

2013-08-1516:55:09

CWE-20

[email protected]

web.nvd.nist.gov

apache

ofbiz

uel

remote code execution

cve-2013-2250

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.8%

JSON

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

Affected configurations

NVD

Node

apacheofbizMatch10.04.01

apacheofbizMatch10.04.02

apacheofbizMatch10.04.03

apacheofbizMatch10.04.04

apacheofbizMatch10.04.05

apacheofbizMatch11.04.01

apacheofbizMatch11.04.02

apacheofbizMatch12.04.01

CPENameOperatorVersion
apache:ofbizapache ofbizeq10.04.01
apache:ofbizapache ofbizeq10.04.02
apache:ofbizapache ofbizeq10.04.03
apache:ofbizapache ofbizeq10.04.04
apache:ofbizapache ofbizeq10.04.05
apache:ofbizapache ofbizeq11.04.01
apache:ofbizapache ofbizeq11.04.02
apache:ofbizapache ofbizeq12.04.01

CPE	Name	Operator	Version
apache:ofbiz	apache ofbiz	eq	10.04.01
apache:ofbiz	apache ofbiz	eq	10.04.02
apache:ofbiz	apache ofbiz	eq	10.04.03
apache:ofbiz	apache ofbiz	eq	10.04.04
apache:ofbiz	apache ofbiz	eq	10.04.05
apache:ofbiz	apache ofbiz	eq	11.04.01
apache:ofbiz	apache ofbiz	eq	11.04.02
apache:ofbiz	apache ofbiz	eq	12.04.01