CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score: 8.4 High (Confidence: High)
EPSS: 0.042 Low (Percentile: 92.3%)
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
archives.neohapsis.com/archives/fulldisclosure/2013-06/0099.html
rhn.redhat.com/errata/RHSA-2013-1862.html
svn.apache.org/viewvc?view=revision&revision=1462076
svn.apache.org/viewvc?view=revision&revision=1462225
svn.apache.org/viewvc?view=revision&revision=1462268
svn.apache.org/viewvc?view=revision&revision=1462318
svn.apache.org/viewvc?view=revision&revision=1462328
svn.apache.org/viewvc?view=revision&revision=1462488
svn.apache.org/viewvc?view=revision&revision=1462512
svn.apache.org/viewvc?view=revision&revision=1462558
www-01.ibm.com/support/docview.wss?uid=swg1PM86780
www-01.ibm.com/support/docview.wss?uid=swg1PM86786
www-01.ibm.com/support/docview.wss?uid=swg1PM86788
www-01.ibm.com/support/docview.wss?uid=swg1PM86791
www-01.ibm.com/support/docview.wss?uid=swg21635999
www-01.ibm.com/support/docview.wss?uid=swg21644047
www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
www.securityfocus.com/bid/60534
exchange.xforce.ibmcloud.com/vulnerabilities/82268