CVE-2022-25371 Apache Birt uses the Birt project plugin to create data visualizations and reports.

This issue was resolved in Apache OFBiz 18.12.06 and later. BIRT project plugin has a bug which can be exploited to execute arbitrary code on a victim's machine. This plugin is enabled by default in Apache OFBiz. When this plugin is enabled, it uses a hardcoded password for authentication. In order to execute arbitrary code on a victim's machine, one needs to send a specially crafted request with this plugin enabled.   Apache OFBiz is an open source alternative to Microsoft Office. It is used by more than 20 million users around the world every month. Apache OFBiz is the most widely used open source alternative to Microsoft Office. It is used by more than 20 million users every month. Apache OFBiz has more than 35 official extensions and another 29 unofficial extensions.  Apache OFBiz is the most widely used open source alternative to Microsoft Office. It is used by more than 20 million users every month. Apache OFBiz is the most widely used open source alternative to Microsoft Office. It is used by more than 20 million users every month. Apache OFBiz has more than 35 official extensions and another 29 unofficial extensions. Apache OFBiz is the most widely used open source alternative to Microsoft Office. It is used by more than 20 million users every month. Apache OFBiz is the most widely used open source alternative to Microsoft Office. It is used by more than 20 million users every month. Apache OFBiz has more than

Overview of CVE-2022 -25371

CVE-2022-25371 is a remote code execution vulnerability which was introduced in version Apache OFBiz 18.12.06 and later. This issue can be exploited to execute arbitrary code on the target's machine. To exploit this issue, one needs to send a specially crafted request with this plugin enabled. This issue is exploitable via a vulnerable application or web server that uses the plugins for BIRT project.

Overview of the Issue

The issue is that the plugin, BIRT project plugin, has a bug which can be exploited to execute arbitrary code on a victim's machine. The vulnerability was fixed in Apache OFBiz 18.12.06 and later.

Apache OFBiz RCE Vulnerability

This issue was resolved in Apache OFBiz 18.12.06 and later. BIRT project plugin has a bug which can be exploited to execute arbitrary code on a victim's machine. This plugin is enabled by default in Apache OFBiz. When this plugin is enabled, it uses a hardcoded password for authentication. In order to execute arbitrary code on a victim's machine, one needs to send a specially crafted request with this plugin enabled.

Timeline

Published on: 09/02/2022 07:15:00 UTC
Last modified on: 09/08/2022 18:15:00 UTC

References

• https://lists.apache.org/thread/bvp3sczqq863lxr1wh7wjvdtjbkcwspq
• http://www.openwall.com/lists/oss-security/2022/09/02/7
• http://www.openwall.com/lists/oss-security/2022/09/03/1
• http://www.openwall.com/lists/oss-security/2022/09/08/2
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25371