5 matches found
CVE-2022-25371
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12....
Design/Logic Flaw
The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run...
Apache OFBiz Cross-Site Scripting Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation in the United States. The system provides a suite of Java-based web application components and tools. Apache OFBiz 18.12.05 and earlier versions contain a security vulnerability that can be exploited by...
Apache OFBiz Path Traversal Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation. A code injection vulnerability exists in Apache OFBiz 18.12.05 and earlier versions, which stems from an error in Birt and can be exploited by attackers to remotely execute code...
Apache OFBiz Security Vulnerability
Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation. A security vulnerability exists in Apache OFBiz 18.12.05 and earlier, which can be exploited by attackers to conduct regular expression denial-of-service attacks...