CVE-2022-25370 - Vulnerability Details - OpenCVE

Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01411.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache Subscribe	Ofbiz Subscribe

Configuration 1 [-]

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-30041	Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/09/02/8
http://www.openwall.com/lists/oss-security/2022/09/03/1
https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-09-02T07:10:16

Updated: 2024-08-03T04:36:06.924Z

Reserved: 2022-02-20T00:00:00

Link: CVE-2022-25370

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-02T07:15:07.320

Modified: 2024-11-21T06:52:05.577

Link: CVE-2022-25370

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"containers": {"cna": {"affected": [{"product": "Apache OFBiz", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "18.12.05", "status": "affected", "version": "Apache OFBiz", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "en", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-03T14:06:10", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/8"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-25370", "STATE": "PUBLIC", "TITLE": "Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OFBiz", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache OFBiz", "version_value": "18.12.05"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "eng", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh", "refsource": "MISC", "url": "https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/8"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.924Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Stored XSS (CVE-2022-25370)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/8"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-25370", "datePublished": "2022-09-02T07:10:16", "dateReserved": "2022-02-20T00:00:00", "dateUpdated": "2024-08-03T04:36:06.924Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "matchCriteriaId": "B41AC544-FCCD-4136-BA78-4BA21DB66095", "versionEndExcluding": "18.12.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS."}, {"lang": "es", "value": "Apache OFBiz usa el plugin Birt (https://eclipse.github.io/birt-website/) para crear visualizaciones de datos e informes. En Apache OFBiz, versi\u00f3n 18.12.05 y anteriores, aprovechando una vulnerabilidad en Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), un usuario malicioso no autenticado podr\u00eda llevar a cabo un ataque de tipo XSS almacenado para inyectar una carga \u00fatil maliciosa y ejecutarla usando un ataque de tipo XSS almacenado"}], "id": "CVE-2022-25370", "lastModified": "2024-11-21T06:52:05.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-02T07:15:07.320", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/8"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/vrvzokvxqtc4t6d7g8xgz89xpxcvjofh"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}