CVE-2013-2250

critical Apache
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
5.9%
Exploitation probability in 30 days
Top 9% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: August 15, 2013 (4655 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.

CWE

CWE-20

Affected Products

apache ofbiz

References

🔗 archives.neohapsis.com 🔗 ofbiz.apache.org 🔗 osvdb.org 🔗 secunia.com 🔗 www.securityfocus.com