CVE-2022-29063 - Vulnerability Details - OpenCVE

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Ofbiz

Configuration 1 [-]

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/09/02/6
https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-09-02T07:10:19

Updated: 2024-08-03T06:10:59.274Z

Reserved: 2022-04-11T00:00:00

Link: CVE-2022-29063

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-02T07:15:07.570

Modified: 2024-11-21T06:58:26.067

Link: CVE-2022-29063

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache OFBiz", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "18.12.05", "status": "affected", "version": "Apache OFBiz", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Matei \"Mal\" Badanoiu"}], "descriptions": [{"lang": "en", "value": "The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-02T11:06:11", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"}, {"name": "[oss-security] 20220902 Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"}], "source": {"discovery": "UNKNOWN"}, "title": "Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2022-29063", "STATE": "PUBLIC", "TITLE": "Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache OFBiz", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache OFBiz", "version_value": "18.12.05"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Matei \"Mal\" Badanoiu"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105", "refsource": "MISC", "url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"}, {"name": "[oss-security] 20220902 Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:10:59.274Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"}, {"name": "[oss-security] 20220902 Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-29063", "datePublished": "2022-09-02T07:10:19", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:59.274Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*", "matchCriteriaId": "B41AC544-FCCD-4136-BA78-4BA21DB66095", "versionEndExcluding": "18.12.06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646."}, {"lang": "es", "value": "El plugin Solr de Apache OFBiz est\u00e1 configurado por defecto para realizar autom\u00e1ticamente una petici\u00f3n RMI en localhost, puerto 1099. En versiones 18.12.05 y anteriores, al alojar un servidor RMI malicioso en localhost, un atacante puede explotar este comportamiento, al iniciar el servidor o al reiniciarlo, para ejecutar c\u00f3digo arbitrario. Actualice al menos a versi\u00f3n 18.12.06 o aplique los parches en https://issues.apache.org/jira/browse/OFBIZ-12646"}], "id": "CVE-2022-29063", "lastModified": "2024-11-21T06:58:26.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-02T07:15:07.570", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}