CVE-2022-25371 - Vulnerability Details - OpenCVE

Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Apache	Ofbiz

Configuration 1 [-]

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/09/02/7
http://www.openwall.com/lists/oss-security/2022/09/03/1
http://www.openwall.com/lists/oss-security/2022/09/08/2
https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq

History

Wed, 20 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-09-02T07:10:17

Updated: 2024-11-20T15:11:11.129Z

Reserved: 2022-02-20T00:00:00

Link: CVE-2022-25371

Vulnrichment

Updated: 2024-08-03T04:36:06.997Z

NVD

Status : Modified

Published: 2022-09-02T07:15:07.450

Modified: 2024-11-21T06:52:05.710

Link: CVE-2022-25371

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache OFBiz", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "18.12.05", "status": "affected", "version": "Apache OFBiz", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "en", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-06-26T10:22:24.123Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-25371", "STATE": "PUBLIC", "TITLE": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OFBiz", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache OFBiz", "version_value": "18.12.05"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "eng", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "refsource": "MISC", "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.997Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-30T16:49:30.632041Z", "id": "CVE-2022-25371", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T15:11:11.129Z"}}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-25371", "datePublished": "2022-09-02T07:10:17", "dateReserved": "2022-02-20T00:00:00", "dateUpdated": "2024-11-20T15:11:11.129Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/02/7", "name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/03/1", "name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/08/2", "name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:36:06.997Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-25371", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-30T16:49:30.632041Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T14:58:51.271Z"}}], "cna": {"title": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "en", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache OFBiz", "versions": [{"status": "affected", "version": "Apache OFBiz", "versionType": "custom", "lessThanOrEqual": "18.12.05"}]}], "references": [{"url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "tags": ["x_refsource_MISC"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/02/7", "name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/03/1", "name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/08/2", "name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "tags": ["mailing-list", "x_refsource_MLIST"]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-06-26T10:22:24.123Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Nikita Podotykin from Positive Technologies <npodotykin@ptsecurity.com>"}, {"lang": "eng", "value": "Positive Technologies zeroday <zeroday@ptsecurity.com>"}], "impact": [{}], "source": {"discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "Apache OFBiz", "version_value": "18.12.05", "version_affected": "<="}]}, "product_name": "Apache OFBiz"}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "name": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq", "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/02/7", "name": "[oss-security] 20220902 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/03/1", "name": "[oss-security] 20220903 Re: Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/08/2", "name": "[oss-security] 20220908 Apache OFBiz - Unauth Path Traversal with file corruption (CVE-2022-25371)", "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-25371", "STATE": "PUBLIC", "TITLE": "Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz", "ASSIGNER": "security@apache.org"}}}}, "cveMetadata": {"cveId": "CVE-2022-25371", "state": "PUBLISHED", "dateUpdated": "2024-11-20T15:11:11.129Z", "dateReserved": "2022-02-20T00:00:00", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2022-09-02T07:10:17", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "matchCriteriaId": "B41AC544-FCCD-4136-BA78-4BA21DB66095", "versionEndExcluding": "18.12.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier."}, {"lang": "es", "value": "Apache OFBiz usa el plugin del proyecto Birt (https://eclipse.github.io/birt-website/) para crear visualizaciones de datos e informes. Aprovechando un bug en Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) es posible llevar a cabo un ataque de ejecuci\u00f3n de c\u00f3digo remota (RCE) en Apache OFBiz, versiones 18.12.05 y anteriores"}], "id": "CVE-2022-25371", "lastModified": "2024-11-21T06:52:05.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-02T07:15:07.450", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/03/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/08/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}