CVE-2022-29063

Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.

El plugin Solr de Apache OFBiz está configurado por defecto para realizar automáticamente una petición RMI en localhost, puerto 1099. En versiones 18.12.05 y anteriores, al alojar un servidor RMI malicioso en localhost, un atacante puede explotar este comportamiento, al iniciar el servidor o al reiniciarlo, para ejecutar código arbitrario. Actualice al menos a versión 18.12.06 o aplique los parches en https://issues.apache.org/jira/browse/OFBIZ-12646

*Credits: Matei "Mal" Badanoiu

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-11 CVE Reserved
2022-09-02 CVE Published
2023-12-17 First Exploit
2024-08-03 CVE Updated
2024-08-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
https://github.com/mbadanoiu/CVE-2022-29063	2023-12-17

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2022/09/02/6	2022-09-08
https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105	2022-09-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Ofbiz Search vendor "Apache" for product "Ofbiz"				< 18.12.06 Search vendor "Apache" for product "Ofbiz" and version " < 18.12.06"		-		Affected