Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2013-1768

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.106
EPSS Ranking 93.0%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2013-1768
  • Apache » Openjpa » Version: 1.0.0
    cpe:2.3:a:apache:openjpa:1.0.0
  • Apache » Openjpa » Version: 1.0.1
    cpe:2.3:a:apache:openjpa:1.0.1
  • Apache » Openjpa » Version: 1.0.2
    cpe:2.3:a:apache:openjpa:1.0.2
  • Apache » Openjpa » Version: 1.0.3
    cpe:2.3:a:apache:openjpa:1.0.3
  • Apache » Openjpa » Version: 1.0.4
    cpe:2.3:a:apache:openjpa:1.0.4
  • Apache » Openjpa » Version: 1.1.0
    cpe:2.3:a:apache:openjpa:1.1.0
  • Apache » Openjpa » Version: 1.2.0
    cpe:2.3:a:apache:openjpa:1.2.0
  • Apache » Openjpa » Version: 1.2.1
    cpe:2.3:a:apache:openjpa:1.2.1
  • Apache » Openjpa » Version: 1.2.2
    cpe:2.3:a:apache:openjpa:1.2.2
  • Apache » Openjpa » Version: 2.0.0
    cpe:2.3:a:apache:openjpa:2.0.0
  • Apache » Openjpa » Version: 2.0.1
    cpe:2.3:a:apache:openjpa:2.0.1
  • Apache » Openjpa » Version: 2.1.0
    cpe:2.3:a:apache:openjpa:2.1.0
  • Apache » Openjpa » Version: 2.1.1
    cpe:2.3:a:apache:openjpa:2.1.1
  • Apache » Openjpa » Version: 2.2.0
    cpe:2.3:a:apache:openjpa:2.2.0
  • Apache » Openjpa » Version: 2.2.1
    cpe:2.3:a:apache:openjpa:2.2.1


Contact Us

Shodan ® - All rights reserved