CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25813

In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.572

EPSS Ranking 98.0%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2022-25813

Apache » Ofbiz » Version: N/A

cpe:2.3:a:apache:ofbiz:-
Apache » Ofbiz » Version: 09.04

cpe:2.3:a:apache:ofbiz:09.04
Apache » Ofbiz » Version: 09.04.01

cpe:2.3:a:apache:ofbiz:09.04.01
Apache » Ofbiz » Version: 10.04

cpe:2.3:a:apache:ofbiz:10.04
Apache » Ofbiz » Version: 10.04.01

cpe:2.3:a:apache:ofbiz:10.04.01
Apache » Ofbiz » Version: 10.04.02

cpe:2.3:a:apache:ofbiz:10.04.02
Apache » Ofbiz » Version: 10.04.03

cpe:2.3:a:apache:ofbiz:10.04.03
Apache » Ofbiz » Version: 10.04.04

cpe:2.3:a:apache:ofbiz:10.04.04
Apache » Ofbiz » Version: 10.04.05

cpe:2.3:a:apache:ofbiz:10.04.05
Apache » Ofbiz » Version: 10.04.06

cpe:2.3:a:apache:ofbiz:10.04.06
Apache » Ofbiz » Version: 11.04

cpe:2.3:a:apache:ofbiz:11.04
Apache » Ofbiz » Version: 11.04.01

cpe:2.3:a:apache:ofbiz:11.04.01
Apache » Ofbiz » Version: 11.04.02

cpe:2.3:a:apache:ofbiz:11.04.02
Apache » Ofbiz » Version: 11.04.03

cpe:2.3:a:apache:ofbiz:11.04.03
Apache » Ofbiz » Version: 11.04.04

cpe:2.3:a:apache:ofbiz:11.04.04
Apache » Ofbiz » Version: 11.04.05

cpe:2.3:a:apache:ofbiz:11.04.05
Apache » Ofbiz » Version: 11.04.06

cpe:2.3:a:apache:ofbiz:11.04.06
Apache » Ofbiz » Version: 12.04

cpe:2.3:a:apache:ofbiz:12.04
Apache » Ofbiz » Version: 12.04.01

cpe:2.3:a:apache:ofbiz:12.04.01
Apache » Ofbiz » Version: 12.04.02

cpe:2.3:a:apache:ofbiz:12.04.02
Apache » Ofbiz » Version: 12.04.03

cpe:2.3:a:apache:ofbiz:12.04.03
Apache » Ofbiz » Version: 12.04.04

cpe:2.3:a:apache:ofbiz:12.04.04
Apache » Ofbiz » Version: 12.04.05

cpe:2.3:a:apache:ofbiz:12.04.05
Apache » Ofbiz » Version: 12.04.06

cpe:2.3:a:apache:ofbiz:12.04.06
Apache » Ofbiz » Version: 13.07

cpe:2.3:a:apache:ofbiz:13.07
Apache » Ofbiz » Version: 13.07.01

cpe:2.3:a:apache:ofbiz:13.07.01
Apache » Ofbiz » Version: 13.07.02

cpe:2.3:a:apache:ofbiz:13.07.02
Apache » Ofbiz » Version: 13.07.03

cpe:2.3:a:apache:ofbiz:13.07.03
Apache » Ofbiz » Version: 16.11.01

cpe:2.3:a:apache:ofbiz:16.11.01
Apache » Ofbiz » Version: 16.11.02

cpe:2.3:a:apache:ofbiz:16.11.02
Apache » Ofbiz » Version: 16.11.03

cpe:2.3:a:apache:ofbiz:16.11.03
Apache » Ofbiz » Version: 16.11.04

cpe:2.3:a:apache:ofbiz:16.11.04
Apache » Ofbiz » Version: 16.11.05

cpe:2.3:a:apache:ofbiz:16.11.05
Apache » Ofbiz » Version: 16.11.06

cpe:2.3:a:apache:ofbiz:16.11.06
Apache » Ofbiz » Version: 16.11.07

cpe:2.3:a:apache:ofbiz:16.11.07
Apache » Ofbiz » Version: 17.12.01

cpe:2.3:a:apache:ofbiz:17.12.01
Apache » Ofbiz » Version: 17.12.03

cpe:2.3:a:apache:ofbiz:17.12.03
Apache » Ofbiz » Version: 17.12.04

cpe:2.3:a:apache:ofbiz:17.12.04
Apache » Ofbiz » Version: 17.12.05

cpe:2.3:a:apache:ofbiz:17.12.05
Apache » Ofbiz » Version: 17.12.06

cpe:2.3:a:apache:ofbiz:17.12.06
Apache » Ofbiz » Version: 17.12.07

cpe:2.3:a:apache:ofbiz:17.12.07
Apache » Ofbiz » Version: 17.12.08

cpe:2.3:a:apache:ofbiz:17.12.08
Apache » Ofbiz » Version: 17.12.09

cpe:2.3:a:apache:ofbiz:17.12.09
Apache » Ofbiz » Version: 18.12.01

cpe:2.3:a:apache:ofbiz:18.12.01
Apache » Ofbiz » Version: 18.12.02

cpe:2.3:a:apache:ofbiz:18.12.02
Apache » Ofbiz » Version: 18.12.03

cpe:2.3:a:apache:ofbiz:18.12.03
Apache » Ofbiz » Version: 18.12.04

cpe:2.3:a:apache:ofbiz:18.12.04
Apache » Ofbiz » Version: 18.12.05

cpe:2.3:a:apache:ofbiz:18.12.05
Apache » Ofbiz » Version: 9.04

cpe:2.3:a:apache:ofbiz:9.04
Apache » Ofbiz » Version: 9.04.01

cpe:2.3:a:apache:ofbiz:9.04.01
Apache » Ofbiz » Version: 9.04.02

cpe:2.3:a:apache:ofbiz:9.04.02

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25813

Products

Pricing

Contact Us