CVE-2022-25371 - OpenCVE

Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Ofbiz

Configuration 1 [-]

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/09/02/7
http://www.openwall.com/lists/oss-security/2022/09/03/1
http://www.openwall.com/lists/oss-security/2022/09/08/2
https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-09-02T07:10:17

Updated: 2024-08-03T04:36:06.997Z

Reserved: 2022-02-20T00:00:00

Link: CVE-2022-25371

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-02T07:15:07.450

Modified: 2024-01-25T21:17:58.817

Link: CVE-2022-25371

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache OFBiz", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "18.12.05", "status": "affected", "version": "Apache OFBiz", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "en", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-06-26T10:22:24.123Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-25371", "STATE": "PUBLIC", "TITLE": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OFBiz", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache OFBiz", "version_value": "18.12.05"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "eng", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "refsource": "MISC", "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-25371", "datePublished": "2022-09-02T07:10:17", "dateReserved": "2022-02-20T00:00:00", "dateUpdated": "2024-08-03T04:36:06.997Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "matchCriteriaId": "B41AC544-FCCD-4136-BA78-4BA21DB66095", "versionEndExcluding": "18.12.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}, {"lang": "es", "value": "Apache OFBiz usa el plugin del proyecto Birt (https://eclipse.github.io/birt-website/) para crear visualizaciones de datos e informes. Aprovechando un bug en Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) es posible llevar a cabo un ataque de ejecuci\u00f3n de c\u00f3digo remota (RCE) en Apache OFBiz, versiones 18.12.05 y anteriores"}], "id": "CVE-2022-25371", "lastModified": "2024-01-25T21:17:58.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-02T07:15:07.450", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}