CVE-2023-46819 - OpenCVE

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Ofbiz

Configuration 1 [-]

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/release-notes-18.12.09.html
https://ofbiz.apache.org/security.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-11-07T11:02:03.305Z

Updated: 2024-09-04T19:09:30.869Z

Reserved: 2023-10-27T07:20:50.849Z

Link: CVE-2023-46819

Vulnrichment

Updated: 2024-08-02T20:53:21.883Z

NVD

Status : Modified

Published: 2023-11-07T11:15:10.937

Modified: 2024-09-04T19:35:08.043

Link: CVE-2023-46819

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46819", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-10-27T07:20:50.849Z", "datePublished": "2023-11-07T11:02:03.305Z", "dateUpdated": "2024-09-04T19:09:30.869Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Apache OFBiz", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "18.12.09", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Anonymous by demand"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.<br><p>This issue affects Apache OFBiz: before 18.12.09. \n\n<span style=\"background-color: rgb(255, 255, 255);\">Users are recommended to upgrade to version 18.12.09</span></p>"}], "value": "Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.\nThis issue affects Apache OFBiz: before 18.12.09.\u00a0\n\nUsers are recommended to upgrade to version 18.12.09\n\n"}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-11-10T08:04:39.492Z"}, "references": [{"tags": ["mitigation"], "url": "https://ofbiz.apache.org/download.html"}, {"tags": ["related"], "url": "https://ofbiz.apache.org/security.html"}, {"tags": ["release-notes"], "url": "https://ofbiz.apache.org/release-notes-18.12.09.html"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache OFBiz: Execution of Solr plugin queries without authentication", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.883Z"}, "title": "CVE Program Container", "references": [{"tags": ["mitigation", "x_transferred"], "url": "https://ofbiz.apache.org/download.html"}, {"tags": ["related", "x_transferred"], "url": "https://ofbiz.apache.org/security.html"}, {"tags": ["release-notes", "x_transferred"], "url": "https://ofbiz.apache.org/release-notes-18.12.09.html"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T19:08:46.622717Z", "id": "CVE-2023-46819", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T19:09:30.869Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://ofbiz.apache.org/download.html", "tags": ["mitigation", "x_transferred"]}, {"url": "https://ofbiz.apache.org/security.html", "tags": ["related", "x_transferred"]}, {"url": "https://ofbiz.apache.org/release-notes-18.12.09.html", "tags": ["release-notes", "x_transferred"]}, {"url": "https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.883Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-46819", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T19:08:46.622717Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T19:09:23.759Z"}}], "cna": {"title": "Apache OFBiz: Execution of Solr plugin queries without authentication", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Anonymous by demand"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache OFBiz", "versions": [{"status": "affected", "version": "0", "lessThan": "18.12.09", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://ofbiz.apache.org/download.html", "tags": ["mitigation"]}, {"url": "https://ofbiz.apache.org/security.html", "tags": ["related"]}, {"url": "https://ofbiz.apache.org/release-notes-18.12.09.html", "tags": ["release-notes"]}, {"url": "https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.\nThis issue affects Apache OFBiz: before 18.12.09.\u00a0\n\nUsers are recommended to upgrade to version 18.12.09\n\n", "supportingMedia": [{"type": "text/html", "value": "Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.<br><p>This issue affects Apache OFBiz: before 18.12.09. \n\n<span style=\"background-color: rgb(255, 255, 255);\">Users are recommended to upgrade to version 18.12.09</span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-11-10T08:04:39.492Z"}}}, "cveMetadata": {"cveId": "CVE-2023-46819", "state": "PUBLISHED", "dateUpdated": "2024-09-04T19:09:30.869Z", "dateReserved": "2023-10-27T07:20:50.849Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2023-11-07T11:02:03.305Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "matchCriteriaId": "232A3660-508C-40BE-806D-5B2EAC0D9950", "versionEndExcluding": "18.12.09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.\nThis issue affects Apache OFBiz: before 18.12.09.\u00a0\n\nUsers are recommended to upgrade to version 18.12.09\n\n"}, {"lang": "es", "value": "Falta autenticaci\u00f3n en Apache Software Foundation Apache OFBiz cuando se usa el complemento Solr. Este problema afecta a Apache OFBiz: antes del 18.12.09. Se recomienda a los usuarios actualizar a la versi\u00f3n 18.12.09"}], "id": "CVE-2023-46819", "lastModified": "2024-09-04T19:35:08.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-11-07T11:15:10.937", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99"}, {"source": "security@apache.org", "tags": ["Product"], "url": "https://ofbiz.apache.org/download.html"}, {"source": "security@apache.org", "tags": ["Release Notes"], "url": "https://ofbiz.apache.org/release-notes-18.12.09.html"}, {"source": "security@apache.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://ofbiz.apache.org/security.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security@apache.org", "type": "Primary"}]}