Main Vulnerability Database Vulnerabilities #VU42667

Input validation error in OFBiz - CVE-2013-2250

Published: August 15, 2013 / Updated: August 11, 2020

Vulnerability identifier: #VU42667

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2013-2250

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apache Foundation

Affected software:
OFBiz

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

How to mitigate CVE-2013-2250

Install update from vendor's website.

Sources

http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html
http://ofbiz.apache.org/download.html#vulnerabilities
http://osvdb.org/95522
http://secunia.com/advisories/53910
http://www.securityfocus.com/bid/61369
https://exchange.xforce.ibmcloud.com/vulnerabilities/85875

Input validation error in OFBiz - CVE-2013-2250

Detailed vulnerability description

How to mitigate CVE-2013-2250

Sources

Please verify you're human