Vulnerability Details CVE-2013-2250
Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.126
EPSS Ranking 93.6%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html
- http://ofbiz.apache.org/download.html#vulnerabilities
- http://osvdb.org/95522
- http://secunia.com/advisories/53910
- http://www.securityfocus.com/bid/61369
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85875
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0143.html
- http://ofbiz.apache.org/download.html#vulnerabilities
- http://osvdb.org/95522
- http://secunia.com/advisories/53910
- http://www.securityfocus.com/bid/61369
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85875
Products affected by CVE-2013-2250
-
cpe:2.3:a:apache:ofbiz:10.04.01
-
cpe:2.3:a:apache:ofbiz:10.04.02
-
cpe:2.3:a:apache:ofbiz:10.04.03
-
cpe:2.3:a:apache:ofbiz:10.04.04
-
cpe:2.3:a:apache:ofbiz:10.04.05
-
cpe:2.3:a:apache:ofbiz:11.04.01
-
cpe:2.3:a:apache:ofbiz:11.04.02
-
cpe:2.3:a:apache:ofbiz:12.04.01