CVE-2022-25371 - Vulnerability Details - OpenCVE

Description

Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.

Published: 2022-09-02

Score: 9.8 Critical

EPSS: 1.9% Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apache Software Foundation

Apache OFBiz

affected

Version	Status	Constraints
`Apache OFBiz`	affected	≤ 18.12.05

Configuration 1 [-]

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0195.

Exploitation poc

Automatable yes

Technical Impact total

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/09/02/7
http://www.openwall.com/lists/oss-security/2022/09/03/1
http://www.openwall.com/lists/oss-security/2022/09/08/2
https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq

History

Wed, 20 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Apache Ofbiz

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-09-02T07:10:17.000Z

Updated: 2024-11-20T15:11:11.129Z

Reserved: 2022-02-20T00:00:00.000Z

Link: CVE-2022-25371

Vulnrichment

Updated: 2024-08-03T04:36:06.997Z

NVD

Status : Modified

Published: 2022-09-02T07:15:07.450

Modified: 2024-11-21T06:52:05.710

Link: CVE-2022-25371

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

{"containers": {"cna": {"affected": [{"product": "Apache OFBiz", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "18.12.05", "status": "affected", "version": "Apache OFBiz", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "en", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-06-26T10:22:24.123Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-25371", "STATE": "PUBLIC", "TITLE": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OFBiz", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache OFBiz", "version_value": "18.12.05"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "eng", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "refsource": "MISC", "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-30T16:49:30.632041Z", "id": "CVE-2022-25371", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T15:11:11.129Z"}}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-25371", "datePublished": "2022-09-02T07:10:17.000Z", "dateReserved": "2022-02-20T00:00:00.000Z", "dateUpdated": "2024-11-20T15:11:11.129Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/02/7", "name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/03/1", "name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/08/2", "name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.997Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-25371", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-30T16:49:30.632041Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T14:58:51.271Z"}}], "cna": {"title": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "en", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache OFBiz", "versions": [{"status": "affected", "version": "Apache OFBiz", "versionType": "custom", "lessThanOrEqual": "18.12.05"}]}], "references": [{"url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "tags": ["x_refsource_MISC"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/02/7", "name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/03/1", "name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/08/2", "name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-06-26T10:22:24.123Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "eng", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "impact": [{}], "source": {"discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "Apache OFBiz", "version_value": "18.12.05", "version_affected": "<="}]}, "product_name": "Apache OFBiz"}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "name": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/02/7", "name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/03/1", "name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/08/2", "name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-25371", "STATE": "PUBLIC", "TITLE": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz", "ASSIGNER": "security@apache.org"}}}}, "cveMetadata": {"cveId": "CVE-2022-25371", "state": "PUBLISHED", "dateUpdated": "2024-11-20T15:11:11.129Z", "dateReserved": "2022-02-20T00:00:00.000Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2022-09-02T07:10:17.000Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "matchCriteriaId": "B41AC544-FCCD-4136-BA78-4BA21DB66095", "versionEndExcluding": "18.12.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}, {"lang": "es", "value": "Apache OFBiz usa el plugin del proyecto Birt (https://eclipse.github.io/birt-website/) para crear visualizaciones de datos e informes. Aprovechando un bug en Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) es posible llevar a cabo un ataque de ejecuci\u00f3n de c\u00f3digo remota (RCE) en Apache OFBiz, versiones 18.12.05 y anteriores"}], "id": "CVE-2022-25371", "lastModified": "2024-11-21T06:52:05.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-02T07:15:07.450", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}