Published: 02/09/2022 Updated: 08/09/2022

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and previous versions, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at issues.apache.org/jira/browse/OFBIZ-12646.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache ofbiz

CVE-2022-29063: Java Deserialization via RMI Connection in Apache OfBiz

CVE-2022-29063: Java Deserialization via RMI Connection in Apache OfBiz The OfBiz Solr plugin is configured by default to automatically make a RMI request on localhost, port 1099 By hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code as the user that started OfBiz and pote

CWE-502 https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105 http://www.openwall.com/lists/oss-security/2022/09/02/6 https://nvd.nist.gov https://github.com/mbadanoiu/CVE-2022-29063

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-29063

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect