Lucene search
K

4 matches found

seebug.org
seebug.org
added 2013/08/27 12:0 a.m.31 views

Apache OFBiz嵌套表达式任意UEL执行漏洞

Bugtraq ID:61369 CVE ID:CVE-2013-2250 Apache OFBiz是一款开源的ERP系统 Apache OFBiz没有正确校验参数值,如果提供的参数包含JUEL元字符,可导致执行任意统一表达式语言UEL函数 0 Apache OFBiz 10.04.01 - 10.04.05 Apache OFBiz 11.04.01 - 11.04.02 Apache OFBiz 12.04.01 厂商解决方案 Apache OFBiz 10.04.06, 11.04.03或12.04.02已经修复此漏洞,建议用户下载更新: http://ofbiz.apache.o...

10CVSS6.5AI score0.12138EPSS
Exploits1
CVE
CVE
added 2013/08/15 4:0 p.m.66 views

CVE-2013-2250

Apache OFBiz is affected by CVE-2013-2250 due to improper validation of parameters containing JUEL metacharacters, allowing a remote attacker to trigger nested UEL expressions and execute arbitrary UEL functions. Impact is remote code execution with unauthenticated access. Affected versions: OFBi...

10CVSS7.6AI score0.12138EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2013/08/15 4:0 p.m.25 views

CVE-2013-2250

Apache Open For Business Project aka OFBiz 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language UEL functions via JUEL metacharacters in unspecified parameters, related to nested expressions...

7.4AI score0.12138EPSS
Exploits1References6
securityvulns
securityvulns
added 2013/07/29 12:0 a.m.94 views

[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz

CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...

10CVSS3.1AI score0.12138EPSS
Exploits1
Rows per page
Query Builder