Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-2250

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

Published

2013-08-15T16:55:09.437

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	ofbiz	10.04.01	Yes
Application	apache	ofbiz	10.04.02	Yes
Application	apache	ofbiz	10.04.03	Yes
Application	apache	ofbiz	10.04.04	Yes
Application	apache	ofbiz	10.04.05	Yes
Application	apache	ofbiz	11.04.01	Yes
Application	apache	ofbiz	11.04.02	Yes
Application	apache	ofbiz	12.04.01	Yes

References

http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html Broken Link ([email protected])
http://ofbiz.apache.org/download.html#vulnerabilities Patch, Vendor Advisory ([email protected])
http://osvdb.org/95522 Broken Link ([email protected])
http://secunia.com/advisories/53910 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/61369 Third Party Advisory, VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/85875 Third Party Advisory, VDB Entry ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://ofbiz.apache.org/download.html#vulnerabilities Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/95522 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/53910 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/61369 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/85875 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)