Back to search
CVE-2022-29063
Published: Sep 2, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache OFBiz | affected Apache OFBiz - <= 18.12.05 |
Weaknesses (CWE)
References
https://lists.apache.org/thread/ytzrjc16pf357zntwk8tjby13kbx9105
x_refsource_MISC
[oss-security] 20220902 Apache OFBiz - Java Deserialization via RMI Connection (CVE-2022-29063)
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now