CVE-2022-29063

Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz

Time Line

Published

2024-03-19

Updated

2024-03-19

Firt exploit

2024-03-19

Overview

Descriptions (2)

NVD, NVD

CWE (1)

CWE-502: Deserialization of Untrusted Data

CAPEC (-)

Risk

CVSS Score

9.8 Critical

SSVC

KEV

EPSS

0.5%

Affected Products (-)

Vendors (1)

apache

Products (1)

ofbiz

Versions (1)

< 18.12.06

Intel Resources (-)

Advisories (-)

Exploits (-)

Plugins (-)

References (3)

General (-)

Exploits & POcs (1)

github

Patches (2)

openwall, apache

Advisories (-)

Summary

Descriptions

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.

El plugin Solr de Apache OFBiz está configurado por defecto para realizar automáticamente una petición RMI en localhost, puerto 1099. En versiones 18.12.05 y anteriores, al alojar un servidor RMI malicioso en localhost, un atacante puede explotar este comportamiento, al iniciar el servidor o al reiniciarlo, para ejecutar código arbitrario. Actualice al menos a versión 18.12.06 o aplique los parches en https://issues.apache.org/jira/browse/OFBIZ-12646

*Credits: Matei "Mal" Badanoiu

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-11 CVE Reserved
2022-09-02 CVE Published
2023-12-17 First Exploit
2024-08-03 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-502: Deserialization of Untrusted Data

CAPEC

Threat Intelligence Resources (0)

Advisories (0)
Exploits (0)

Security Advisory details:

Select an advisory to view details here.

Select	Title	Date

Select an exploit to view details here.

References (3)

URL	Tag	Source

URL	Date	SRC
https://github.com/mbadanoiu/CVE-2022-29063	2023-12-17

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2022/09/02/6	2022-09-08
https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105	2022-09-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Ofbiz Search vendor "Apache" for product "Ofbiz"				< 18.12.06 Search vendor "Apache" for product "Ofbiz" and version " < 18.12.06"		-		Affected

CVE-2022-29063

Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz

Severity Score

Exploit Likelihood

Affected Versions

Public Exploits

Exploited in Wild

Decision

Summary

Descriptions

CVSS Scores

SSVC

Timeline

CWE

CAPEC

Threat Intelligence Resources (0)

References (3)

Affected Vendors, Products, and Versions