Multiple vulnerabilities in Apache OfBiz
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2022-25813 CVE-2022-29063 CVE-2022-29158 CVE-2022-25371 CVE-2022-25370 |
| CWE-ID | CWE-94 CWE-345 CWE-185 CWE-20 CWE-79 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
OFBiz Other software / Other software solutions |
| Vendor | Apache Foundation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Server-side template injection
EUVDB-ID: #VU74610
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-25813
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the ecommerce plugin. A remote attacker can inject malicious content via the message “Subject” field from the "Contact us" page and execute arbitrary code on the system, when a party manager lists communications in the party component.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOFBiz: 4.0 - 18.12.05
CPE2.3- cpe:2.3:a:apache_foundation:ofbiz:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04.01:*:*:*:*:*:*:*
https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b
https://www.openwall.com/lists/oss-security/2022/09/02/4
https://github.com/apache/ofbiz-framework/commit/843b1c7e71
https://github.com/apache/ofbiz-framework/commit/3797e60375
https://github.com/apache/ofbiz-framework/commit/b24dcff344
https://github.com/apache/ofbiz-framework/commit/871ce2aa2e
https://github.com/apache/ofbiz-plugins/commit/829e1ca53
https://github.com/apache/ofbiz-framework/commit/16ed130367
https://github.com/apache/ofbiz-framework/commit/5cc45e8701
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficient verification of data authenticity
EUVDB-ID: #VU74611
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-29063
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to missing verification of data authenticity within the Solr plugin when processing RMI requests sent to localhost to port 1099. A local user with access to the system can host a malicious RMI server on the system and execute arbitrary code with privileges of Apache OFBiz during server start-up or on a server restart.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOFBiz: 4.0 - 18.12.05
CPE2.3- cpe:2.3:a:apache_foundation:ofbiz:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04.01:*:*:*:*:*:*:*
https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105
https://www.openwall.com/lists/oss-security/2022/09/02/6
https://github.com/apache/ofbiz-plugins/commit/061252a80
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect Regular Expression
EUVDB-ID: #VU74612
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-29158
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when handling URLs. A remote attacker can pass specially crafted URL to the application and perform regular expression denial of service (ReDos) attack.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability..
Vulnerable software versionsOFBiz: 4.0 - 18.12.05
CPE2.3- cpe:2.3:a:apache_foundation:ofbiz:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04.01:*:*:*:*:*:*:*
https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928
https://www.openwall.com/lists/oss-security/2022/09/02/5
https://github.com/apache/ofbiz-framework/commit/ff92c4bc9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU74613
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-25371
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the Birt project plugin. A remote attacker can pass specially crafted input to the application and execute arbitrary code.
Install updates from vendor's website.
Vulnerable software versionsOFBiz: 4.0 - 18.12.05
CPE2.3- cpe:2.3:a:apache_foundation:ofbiz:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04.01:*:*:*:*:*:*:*
https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq
https://www.openwall.com/lists/oss-security/2022/09/02/7
https://www.openwall.com/lists/oss-security/2022/09/03/1
https://www.openwall.com/lists/oss-security/2022/09/08/2
https://github.com/eclipse/birt/issues/625
https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU74614
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-25370
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the Birt plugin. A remote attacker can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsOFBiz: 4.0 - 18.12.05
CPE2.3- cpe:2.3:a:apache_foundation:ofbiz:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:ofbiz:09.04.01:*:*:*:*:*:*:*
https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh
https://www.openwall.com/lists/oss-security/2022/09/02/8
https://www.openwall.com/lists/oss-security/2022/09/03/1
https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142
https://github.com/eclipse/birt/issues/625
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
