Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-09-02T07:10:17
Updated: 2024-08-03T04:36:06.997Z
Reserved: 2022-02-20T00:00:00
Link: CVE-2022-25371
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-09-02T07:15:07.450
Modified: 2024-01-25T21:17:58.817
Link: CVE-2022-25371
Redhat
No data.