CVE-2013-2250

2013-08-1516:55:00

CWE-20

[email protected]

web.nvd.nist.gov

apache

ofbiz

uel

remote code execution

cve-2013-2250

security vulnerability

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

79.4%

JSON

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

CPENameOperatorVersion
apache:ofbizapache ofbizeq12.04.01
apache:ofbizapache ofbizeq11.04.01
apache:ofbizapache ofbizeq11.04.02
apache:ofbizapache ofbizeq10.04.01
apache:ofbizapache ofbizeq10.04.02
apache:ofbizapache ofbizeq10.04.03
apache:ofbizapache ofbizeq10.04.04
apache:ofbizapache ofbizeq10.04.05

CPE	Name	Operator	Version
apache:ofbiz	apache ofbiz	eq	12.04.01
apache:ofbiz	apache ofbiz	eq	11.04.01
apache:ofbiz	apache ofbiz	eq	11.04.02
apache:ofbiz	apache ofbiz	eq	10.04.01
apache:ofbiz	apache ofbiz	eq	10.04.02
apache:ofbiz	apache ofbiz	eq	10.04.03
apache:ofbiz	apache ofbiz	eq	10.04.04
apache:ofbiz	apache ofbiz	eq	10.04.05