Search criteria

9 vulnerabilities found for openbravo_erp by openbravo

FKIE_CVE-2019-14362

Vulnerability from fkie_nvd - Published: 2019-07-28 18:15 - Updated: 2024-11-21 04:26
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.
References
cve@mitre.orghttps://grep.blog/directory-traversal-openbravo/Third Party Advisory
cve@mitre.orghttps://issues.openbravo.com/view.php?id=41413Exploit, Patch, Vendor Advisory
cve@mitre.orghttps://www.sitincloud.com/securite/directory-traversal-openbravo-erp/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://grep.blog/directory-traversal-openbravo/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://issues.openbravo.com/view.php?id=41413Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
openbravo openbravo_erp 3.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "7BB25161-9D16-4333-BE35-FAB1F0668831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack0.1:*:*:*:*:*:*",
              "matchCriteriaId": "A5B59DBC-2FE6-456D-8397-8F850DD3D273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack1:*:*:*:*:*:*",
              "matchCriteriaId": "62634E19-5401-4318-A72D-D4599B3967B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack10:*:*:*:*:*:*",
              "matchCriteriaId": "39D2B604-B466-439D-9BCB-80E9B93A83DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack10.1:*:*:*:*:*:*",
              "matchCriteriaId": "B6AA745E-DAB5-4647-A2A6-61E37E60AB88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack10.2:*:*:*:*:*:*",
              "matchCriteriaId": "AE6FED44-CF81-4289-8F42-7295066C7952",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack10.3:*:*:*:*:*:*",
              "matchCriteriaId": "4FC9EAB5-7497-4C94-A198-9DDC36AF2354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack11:*:*:*:*:*:*",
              "matchCriteriaId": "7F987158-0A41-4911-BF12-9195D287FDA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack11.1:*:*:*:*:*:*",
              "matchCriteriaId": "FB526293-2A1C-4395-BBB0-CB464C57F650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack12:*:*:*:*:*:*",
              "matchCriteriaId": "638FE4BA-09F2-48ED-91DE-64503E6974D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack12.1:*:*:*:*:*:*",
              "matchCriteriaId": "1796942E-84EF-4BE5-88EE-818BF3175A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack12.2:*:*:*:*:*:*",
              "matchCriteriaId": "1B1CD2BF-25F7-4130-8479-95C6FAC8F63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack13:*:*:*:*:*:*",
              "matchCriteriaId": "2D4B8D80-3A31-4606-BA07-BD6F9DFBA636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack13.1:*:*:*:*:*:*",
              "matchCriteriaId": "2F2C8D62-2C83-43E4-8096-E0493D9E50B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack13.2:*:*:*:*:*:*",
              "matchCriteriaId": "D2533D53-17A6-4CA1-8C6F-406B098018E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack14:*:*:*:*:*:*",
              "matchCriteriaId": "863FC80F-4323-42F4-A5D6-D830A1755D7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack14.1:*:*:*:*:*:*",
              "matchCriteriaId": "35F28A58-4F51-4BFE-A538-0383E98131A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack14.2:*:*:*:*:*:*",
              "matchCriteriaId": "124F70B7-162A-47E8-A613-903D26347AA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack15:*:*:*:*:*:*",
              "matchCriteriaId": "770D266C-247A-4D98-A905-8054E11E20B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack15.1:*:*:*:*:*:*",
              "matchCriteriaId": "6B620CD5-C542-43C2-ADB0-C2FD14F8009F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack15.2:*:*:*:*:*:*",
              "matchCriteriaId": "268B5413-0383-4ADC-AE98-134EADE8B7D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack16:*:*:*:*:*:*",
              "matchCriteriaId": "63167EFD-9D2E-4BC9-B593-5147D22F1D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack16.1:*:*:*:*:*:*",
              "matchCriteriaId": "7CC7D8E0-E25A-45DB-B71B-DCD4DBC02D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack16.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DAFDF0F-8F67-4961-AF90-D1DC40A07E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack16.3:*:*:*:*:*:*",
              "matchCriteriaId": "BB113340-EA10-43A5-918A-6819150D2717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack17:*:*:*:*:*:*",
              "matchCriteriaId": "A9D6CD27-773E-4A89-A368-0846B238DA3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack17.1:*:*:*:*:*:*",
              "matchCriteriaId": "B018E732-E70C-4EDC-A1E2-ABD8E6DAFBA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack17.2:*:*:*:*:*:*",
              "matchCriteriaId": "BD111512-6962-4391-B0B0-6A75E0BF65E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack17.3:*:*:*:*:*:*",
              "matchCriteriaId": "73810F20-9889-4309-9539-A8B5CB3DBAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack18:*:*:*:*:*:*",
              "matchCriteriaId": "F9C023C5-6A26-4193-A993-0E8785D69858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack18.1:*:*:*:*:*:*",
              "matchCriteriaId": "DF4F3DF4-7625-4012-93BF-1127347ABEF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack18.2:*:*:*:*:*:*",
              "matchCriteriaId": "9E29E5E3-BB07-476D-8B4E-27FB2A6760EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack18.3:*:*:*:*:*:*",
              "matchCriteriaId": "93BB3BBF-7F7B-4A6E-A024-EF859C1E3DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack18.4:*:*:*:*:*:*",
              "matchCriteriaId": "4BB6B84E-9184-4B8C-8936-6B0B876A436F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack18.5:*:*:*:*:*:*",
              "matchCriteriaId": "DD3D514D-C705-4EC1-8A18-C36FD72E65D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack19:*:*:*:*:*:*",
              "matchCriteriaId": "AA55C1C9-43C0-4545-8AC3-94CA9F626D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack19.1:*:*:*:*:*:*",
              "matchCriteriaId": "CC3FEBE2-C9C8-4DEB-B5FD-1941BEE00435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack19.2:*:*:*:*:*:*",
              "matchCriteriaId": "812BB0A9-9A25-4908-9113-AC70372514AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack19.3:*:*:*:*:*:*",
              "matchCriteriaId": "BFCC03E1-9702-4667-829E-A9B47D3D5481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack19.4:*:*:*:*:*:*",
              "matchCriteriaId": "3B3C35FC-68E7-436E-B170-A1F894F745AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack2:*:*:*:*:*:*",
              "matchCriteriaId": "254036B1-D251-4130-B7AF-124262DEAEC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack2.1:*:*:*:*:*:*",
              "matchCriteriaId": "7EB41A47-2C80-4925-90A2-18C1284ACA01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack2.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DE5ED64-FA2B-4807-BCD6-BF755100AC99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack2.3:*:*:*:*:*:*",
              "matchCriteriaId": "DD10878B-5C2E-47CB-9781-F760DC3AC9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack2.4:*:*:*:*:*:*",
              "matchCriteriaId": "2F993503-14BA-43F1-B2C5-0ACD34B8643F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack20:*:*:*:*:*:*",
              "matchCriteriaId": "F1A3BABD-E9B0-4970-8694-660E2A12815F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack21:*:*:*:*:*:*",
              "matchCriteriaId": "6E5452A7-34D7-4891-956F-DAD6256F476C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack21.1:*:*:*:*:*:*",
              "matchCriteriaId": "F70183CB-6422-4B9C-9286-C2F8CE064849",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack22:*:*:*:*:*:*",
              "matchCriteriaId": "64A973B6-14C8-4E64-A328-1719483E737A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack22.1:*:*:*:*:*:*",
              "matchCriteriaId": "AE643E53-44C3-4347-A4FF-590DEABDF629",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack22.2:*:*:*:*:*:*",
              "matchCriteriaId": "5F320A27-411B-44D4-8710-EDC3EDAA025A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack22.3:*:*:*:*:*:*",
              "matchCriteriaId": "5E508A65-CDE7-425F-980B-3D452981776D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack23:*:*:*:*:*:*",
              "matchCriteriaId": "1363F86F-8539-48A1-9574-85D4E8BD4762",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack23.1:*:*:*:*:*:*",
              "matchCriteriaId": "AE68FF6A-EC45-45FE-BD1B-32CF0342691B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack23.2:*:*:*:*:*:*",
              "matchCriteriaId": "71DBC741-DA9D-42BC-9D84-6CCA01A6CE0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack24:*:*:*:*:*:*",
              "matchCriteriaId": "B0A0AB36-D65C-47C9-91E4-FF556D90CEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack24.1:*:*:*:*:*:*",
              "matchCriteriaId": "D220EBD7-F241-40C2-B432-672A0FF46EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack24.2:*:*:*:*:*:*",
              "matchCriteriaId": "984409B1-6AD8-4266-9F35-28FBC20B62BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack25:*:*:*:*:*:*",
              "matchCriteriaId": "B9345B03-4AFF-4F29-BED7-78807ED3BFC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack25.1:*:*:*:*:*:*",
              "matchCriteriaId": "06AD249C-D285-42F9-8A19-8D6D59AB706A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack25.2:*:*:*:*:*:*",
              "matchCriteriaId": "69DAF672-8206-437D-95BF-B1F872548321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack26:*:*:*:*:*:*",
              "matchCriteriaId": "0F7206C4-7FA6-406C-8A69-EB5256320559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack26.1:*:*:*:*:*:*",
              "matchCriteriaId": "3DCE3F4E-145D-466F-9793-9E0DE62B8F31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack26.2:*:*:*:*:*:*",
              "matchCriteriaId": "9A2B4B64-9DB0-41B9-B3F2-AC497EC2BDE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack26.3:*:*:*:*:*:*",
              "matchCriteriaId": "42A9E676-7685-41B1-9310-8C74D7276627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack26.4:*:*:*:*:*:*",
              "matchCriteriaId": "9A0436F4-A475-4553-888E-D6DF687EE507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack27:*:*:*:*:*:*",
              "matchCriteriaId": "E987CDC5-AF53-45D9-88CB-7D37795268AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack27.1:*:*:*:*:*:*",
              "matchCriteriaId": "E10C0EE5-8EB2-4F31-9808-58798CE54A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack28:*:*:*:*:*:*",
              "matchCriteriaId": "1F72DD2B-C35E-495A-9DED-4F354FF141D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack28.1:*:*:*:*:*:*",
              "matchCriteriaId": "10627A7F-DE17-4AD0-8D5A-091869B996F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack28.2:*:*:*:*:*:*",
              "matchCriteriaId": "BAE323B3-19A5-4698-84FA-4F1BF708F3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack28.3:*:*:*:*:*:*",
              "matchCriteriaId": "7F6B1B69-FA2B-432D-BEEB-10C75BE605C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack28.4:*:*:*:*:*:*",
              "matchCriteriaId": "DA58B1CA-8DAE-458C-8E1A-46D5C9B82EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack28.5:*:*:*:*:*:*",
              "matchCriteriaId": "875A1769-D485-456C-9AC8-580BD6F10ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack29:*:*:*:*:*:*",
              "matchCriteriaId": "14DDF305-D7B6-46BF-8FFE-9493C8DF4787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack29.1:*:*:*:*:*:*",
              "matchCriteriaId": "17BC3F96-875A-4F7D-A896-EBDC18C5F43F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack29.2:*:*:*:*:*:*",
              "matchCriteriaId": "AAE00747-839A-4C11-A2BF-DCE44CC5DF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack29.3:*:*:*:*:*:*",
              "matchCriteriaId": "5B0A787C-263D-4FA5-9EDA-C9FC350A2265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack29.4:*:*:*:*:*:*",
              "matchCriteriaId": "14D03020-D8F5-489B-B686-E3FF75DEDA97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack3:*:*:*:*:*:*",
              "matchCriteriaId": "54C073F6-9E93-4626-9048-5867A4B0789B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack3.1:*:*:*:*:*:*",
              "matchCriteriaId": "F3AB254F-839E-4F4B-B2F1-005BC0BCFD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack3.2:*:*:*:*:*:*",
              "matchCriteriaId": "29DB00DE-AE47-471B-8566-5D96B077C7FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack30:*:*:*:*:*:*",
              "matchCriteriaId": "2B1CC2C5-0625-4798-AEBF-622C8DD1AC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack30.1:*:*:*:*:*:*",
              "matchCriteriaId": "BCCBBFBF-5DE1-4E86-95F5-C331DBB1FFA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack30.2:*:*:*:*:*:*",
              "matchCriteriaId": "B5D4583B-385F-43E8-9AA8-894633566FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack30.3:*:*:*:*:*:*",
              "matchCriteriaId": "B51039B4-5C8A-4B7F-BEC4-7F1B9979DA2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack31:*:*:*:*:*:*",
              "matchCriteriaId": "20F3CDE4-7D38-4FEB-83E9-442D1BB6F68E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack31.1:*:*:*:*:*:*",
              "matchCriteriaId": "44700948-9FDB-4B39-B2AF-5E16B089B9F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack31.2:*:*:*:*:*:*",
              "matchCriteriaId": "650CD0D0-5D10-4FF4-94A2-43FC402237B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack31.3:*:*:*:*:*:*",
              "matchCriteriaId": "FDD53D77-6C54-4C8A-8ABA-597D84EFD748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack31.4:*:*:*:*:*:*",
              "matchCriteriaId": "2BD37C10-F62E-40BF-81FC-B6D26DD6FCC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack4:*:*:*:*:*:*",
              "matchCriteriaId": "A98560C8-57CF-43F9-9494-5AD2A9267356",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack4.1:*:*:*:*:*:*",
              "matchCriteriaId": "C5F0D857-9A4E-4111-941F-0C02EDD4F042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack4.2:*:*:*:*:*:*",
              "matchCriteriaId": "A2B7F7C7-7D72-47F0-99F6-26DFD883E678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack5:*:*:*:*:*:*",
              "matchCriteriaId": "CC3B09C9-2CB7-44AA-85C3-63DB90BD4B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack5.1:*:*:*:*:*:*",
              "matchCriteriaId": "56E48FB7-69DC-40E0-877C-DE9DF1680E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack5.2:*:*:*:*:*:*",
              "matchCriteriaId": "D04A9232-7A79-4352-96EF-1C67409697BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack5.3:*:*:*:*:*:*",
              "matchCriteriaId": "31DAACC9-75E9-4AC1-AE7D-6DB444D60391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack6:*:*:*:*:*:*",
              "matchCriteriaId": "D9323AC6-2884-4C00-9025-6F2B4D0EB657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack6.1:*:*:*:*:*:*",
              "matchCriteriaId": "E4AA3F40-7303-4D43-9E46-6DB3C4063630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack6.2:*:*:*:*:*:*",
              "matchCriteriaId": "482573A8-0594-4593-A923-9B7721DB1296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack7:*:*:*:*:*:*",
              "matchCriteriaId": "50264D77-157C-418F-A5FD-E989E3D8B40B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack7.1:*:*:*:*:*:*",
              "matchCriteriaId": "D856BFBC-19CE-4C52-834A-99FC1BB897DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack7.2:*:*:*:*:*:*",
              "matchCriteriaId": "3D3A33E7-80DF-411D-AAB2-283AE6265499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack7.3:*:*:*:*:*:*",
              "matchCriteriaId": "68394B59-CC88-41D4-A77B-02F4FF0DC0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack8:*:*:*:*:*:*",
              "matchCriteriaId": "584D4C2F-81EA-4184-86ED-D8ACF75F8A6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack8.1:*:*:*:*:*:*",
              "matchCriteriaId": "F4613C95-2677-4287-9635-E0EA24788C20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack8.2:*:*:*:*:*:*",
              "matchCriteriaId": "86BE2EB8-C664-4EC3-B8C6-5F8AA16E88CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack8.3:*:*:*:*:*:*",
              "matchCriteriaId": "6763297B-AA5F-44B8-BE2A-5AD8D3FFABF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack8.4:*:*:*:*:*:*",
              "matchCriteriaId": "F0FF1B3E-5D02-4795-AC43-37632E9F4E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack9:*:*:*:*:*:*",
              "matchCriteriaId": "FCF0DC27-47DB-4903-9809-7BB822BD081F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack9.1:*:*:*:*:*:*",
              "matchCriteriaId": "33395A99-CB65-45B5-AD35-83812DEE8794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack9.2:*:*:*:*:*:*",
              "matchCriteriaId": "68BAF583-6EB9-4B89-8E1A-C001A9AE788A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:maintenance_pack9.3:*:*:*:*:*:*",
              "matchCriteriaId": "98B194F9-906C-49E2-83C5-5FC9BD772C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q2:*:*:*:*:*:*",
              "matchCriteriaId": "D339C5F1-6A1F-4F82-A3D1-80B06F4E9D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q2.1:*:*:*:*:*:*",
              "matchCriteriaId": "6033A732-3DA8-4983-9850-0A071B653BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q2.2:*:*:*:*:*:*",
              "matchCriteriaId": "8125281D-D061-460C-99E8-1DF2DF568C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q2.3:*:*:*:*:*:*",
              "matchCriteriaId": "0CF408DE-6405-42B6-A64F-A8AF7DF90276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q2.4:*:*:*:*:*:*",
              "matchCriteriaId": "45A6C19C-3D43-48FD-8187-71BC529A2661",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q2.5:*:*:*:*:*:*",
              "matchCriteriaId": "DA68F367-2353-4B43-8AC2-1E208122F19B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q2.6:*:*:*:*:*:*",
              "matchCriteriaId": "AB963611-F4D0-49C4-9ECC-2E00599D99D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3:*:*:*:*:*:*",
              "matchCriteriaId": "E507282E-D10B-46B3-8F4D-928AB0E68558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3.1:*:*:*:*:*:*",
              "matchCriteriaId": "E684B641-180D-4F9F-8C1B-5841C51D4F1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3.2:*:*:*:*:*:*",
              "matchCriteriaId": "3D3E3F83-09AC-4E4C-B869-F3DDF34C4150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3.3:*:*:*:*:*:*",
              "matchCriteriaId": "4427F824-D0DD-4920-AF85-908CF4039C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3.4:*:*:*:*:*:*",
              "matchCriteriaId": "066A3A6B-AB7C-424C-B887-FF998F4B7AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3.5:*:*:*:*:*:*",
              "matchCriteriaId": "9EBCE36F-1BFD-4D88-A00D-19A4493781EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3.6:*:*:*:*:*:*",
              "matchCriteriaId": "5DE10493-51A2-4DA0-B88A-9F76C93FD454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3.7:*:*:*:*:*:*",
              "matchCriteriaId": "11081323-0088-4520-BBE8-F333C90206F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q3.8:*:*:*:*:*:*",
              "matchCriteriaId": "9054465F-222E-424E-A3B4-9CF48E5C62C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr14q4:*:*:*:*:*:*",
              "matchCriteriaId": "6B63F606-9FF5-40D9-8235-5ADF698DA17C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q1:*:*:*:*:*:*",
              "matchCriteriaId": "93C6C994-C84A-4892-8C21-5CC4085023AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q1.1:*:*:*:*:*:*",
              "matchCriteriaId": "712B63FA-B463-4C2C-B080-0360FE5D2298",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q1.2:*:*:*:*:*:*",
              "matchCriteriaId": "18908DA4-649E-4DE0-B0CA-B0E1AC36DAB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q1.3:*:*:*:*:*:*",
              "matchCriteriaId": "F22DD037-F01E-47C0-A5E4-FD9B208CF38A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q1.4:*:*:*:*:*:*",
              "matchCriteriaId": "81E4434B-C731-4D29-A9BB-43717F8A7B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q1.5:*:*:*:*:*:*",
              "matchCriteriaId": "7A829F63-0E25-440F-B80E-B6BF0E282A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q2:*:*:*:*:*:*",
              "matchCriteriaId": "E6123B61-B2F2-415D-BFE4-20F861D6CD62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q2.1:*:*:*:*:*:*",
              "matchCriteriaId": "BC8F43DB-8F05-450C-B03E-7C0A1F4B0554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q2.2:*:*:*:*:*:*",
              "matchCriteriaId": "5875C4F1-BF7D-4AB0-8DDA-ED48E4378FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q2.3:*:*:*:*:*:*",
              "matchCriteriaId": "C4292C09-FACB-448F-A193-D1D06BB8CBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q2.4:*:*:*:*:*:*",
              "matchCriteriaId": "05CD4C95-9A2E-43DD-AB78-56A4421DC314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q2.5:*:*:*:*:*:*",
              "matchCriteriaId": "75DC3B21-EB56-437A-B2D2-687FF6EDD5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q2.6:*:*:*:*:*:*",
              "matchCriteriaId": "786DC47C-A294-49CC-8E3B-E0E1FD62BE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q3:*:*:*:*:*:*",
              "matchCriteriaId": "24D1157C-08CA-48CF-B5F5-2E31B76F1EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q3.1:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE4ABA-F65C-4BD3-AEB3-48545C5397EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q3.2:*:*:*:*:*:*",
              "matchCriteriaId": "B1C85127-686B-4FF7-8CEC-0178CAFF0775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q3.3:*:*:*:*:*:*",
              "matchCriteriaId": "6D094942-8D6B-49D9-8748-AF673896FF11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q3.4:*:*:*:*:*:*",
              "matchCriteriaId": "7DE6F8AF-74FC-4688-9DD7-286446CF2763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q3.5:*:*:*:*:*:*",
              "matchCriteriaId": "1916A1F0-FEB3-48C8-9ADD-D57A901ACF1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q4:*:*:*:*:*:*",
              "matchCriteriaId": "0E93E66F-5D16-4A1B-BB80-A6705AF0B63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q4.1:*:*:*:*:*:*",
              "matchCriteriaId": "033CE64E-67F5-44B4-941A-15DC4F4CBCBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q4.2:*:*:*:*:*:*",
              "matchCriteriaId": "8AC5326C-F9F8-40BD-89A9-A47F3E069E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q4.3:*:*:*:*:*:*",
              "matchCriteriaId": "C59F89A4-413E-4731-AB9F-E5C96AE99837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q4.4:*:*:*:*:*:*",
              "matchCriteriaId": "ABA3480F-A894-4F9F-BE9B-1E203BC8C089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q4.5:*:*:*:*:*:*",
              "matchCriteriaId": "47F60375-1807-44CD-A594-AC04B7E039E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr15q4.6:*:*:*:*:*:*",
              "matchCriteriaId": "D338701F-2203-4AF6-96AC-B5B88891E481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q1:*:*:*:*:*:*",
              "matchCriteriaId": "CD741089-08E2-490A-87A9-61CCA74C9278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q1.1:*:*:*:*:*:*",
              "matchCriteriaId": "C3551545-C3FF-46C8-BECC-1CCB8B1AD818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q1.2:*:*:*:*:*:*",
              "matchCriteriaId": "30F4D853-7BC4-4151-9BB6-9114D5B53EC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q1.3:*:*:*:*:*:*",
              "matchCriteriaId": "967ED834-83E3-4E12-8015-79F9F424BB56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q2:*:*:*:*:*:*",
              "matchCriteriaId": "C8887C00-5D65-40A7-9404-6246F7988631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q2.1:*:*:*:*:*:*",
              "matchCriteriaId": "DF9A17C5-F8EE-4BF2-ABB4-80A329331BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q2.2:*:*:*:*:*:*",
              "matchCriteriaId": "810A1FB6-71E7-4432-A632-67C6927CBD56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q2.3:*:*:*:*:*:*",
              "matchCriteriaId": "A7891097-062B-4A2B-AC62-06C34948F1A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q2.4:*:*:*:*:*:*",
              "matchCriteriaId": "B55615D6-A13A-4B46-8699-8CE8B1590657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q3:*:*:*:*:*:*",
              "matchCriteriaId": "75FB3827-8A94-4FD2-BD5E-AFC4AF82DD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q3.1:*:*:*:*:*:*",
              "matchCriteriaId": "865E4A52-85FC-4AEA-A89B-A80660BD406B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q3.2:*:*:*:*:*:*",
              "matchCriteriaId": "BB0845D5-267B-4452-A787-F28755DDBB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q3.3:*:*:*:*:*:*",
              "matchCriteriaId": "0D01B669-1698-4604-A4BA-6FFEB7BB70F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q3.4:*:*:*:*:*:*",
              "matchCriteriaId": "E54EEFA4-8BF1-42FF-A58C-08CC2E3DE170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q3.5:*:*:*:*:*:*",
              "matchCriteriaId": "0CD58BCF-64EB-4C76-95ED-1CFDC468157E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q4:*:*:*:*:*:*",
              "matchCriteriaId": "9FFD4066-9A06-43D2-A746-A526E654575E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q4.1:*:*:*:*:*:*",
              "matchCriteriaId": "F0BD0DF6-55EE-4814-8424-85E0F6321870",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q4.2:*:*:*:*:*:*",
              "matchCriteriaId": "70F7E8CC-0520-4E5B-A7DF-339EDED03EA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q4.3:*:*:*:*:*:*",
              "matchCriteriaId": "EDFEEA83-4910-4A04-BED9-054626041250",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr16q4.4:*:*:*:*:*:*",
              "matchCriteriaId": "1B6EB6FB-80E5-4A1C-9861-41A86B9CE750",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q1:*:*:*:*:*:*",
              "matchCriteriaId": "0666BC18-AADF-4EE2-9883-F89294036FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q1.1:*:*:*:*:*:*",
              "matchCriteriaId": "9F83B714-F3B6-4376-8C11-5A79AC2972D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q1.2:*:*:*:*:*:*",
              "matchCriteriaId": "70DCEC35-E912-4182-9720-B89350A7AB05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q1.3:*:*:*:*:*:*",
              "matchCriteriaId": "33364A53-37B3-40FA-94C0-B743B64C2153",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q2:*:*:*:*:*:*",
              "matchCriteriaId": "6AC718E2-6D20-465F-A344-504F514381B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q2.1:*:*:*:*:*:*",
              "matchCriteriaId": "FA897D52-EAD7-466E-8EF2-81DABDBEB959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q2.2:*:*:*:*:*:*",
              "matchCriteriaId": "3DD09127-1DD9-42DC-8B68-CB810C255DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q2.3:*:*:*:*:*:*",
              "matchCriteriaId": "48E1CE89-3122-4CDA-81EB-9CD69CB40E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q2.4:*:*:*:*:*:*",
              "matchCriteriaId": "59EC2319-7133-4435-A416-BE855B3675D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q3:*:*:*:*:*:*",
              "matchCriteriaId": "DB26DCAD-DF6A-4C30-BBE2-0DE4AC28C449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q3.1:*:*:*:*:*:*",
              "matchCriteriaId": "B80B2382-77E6-41CB-BFEE-B21C4AB22959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q3.2:*:*:*:*:*:*",
              "matchCriteriaId": "5FB8D244-4A71-4799-9A4E-64151DDA804C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q3.3:*:*:*:*:*:*",
              "matchCriteriaId": "FF959A24-32D2-43BF-883E-78B8DBDF2DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q4:*:*:*:*:*:*",
              "matchCriteriaId": "8BAA9AA3-65F4-4148-BC1A-5E81CCB7E8C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q4.1:*:*:*:*:*:*",
              "matchCriteriaId": "256C6A78-C56A-402C-B413-C8CA3F5571BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr17q4.2:*:*:*:*:*:*",
              "matchCriteriaId": "2E264AB4-96D7-4892-A57F-2A7564B9ACC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q1:*:*:*:*:*:*",
              "matchCriteriaId": "AD577A43-6FC6-48D1-BEDE-471BF7A9EB37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q1.1:*:*:*:*:*:*",
              "matchCriteriaId": "43A03A0B-4980-408A-B708-819E8999F531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q1.2:*:*:*:*:*:*",
              "matchCriteriaId": "EA0DFADB-CCE2-4318-8281-B33E68272C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q1.3:*:*:*:*:*:*",
              "matchCriteriaId": "08C6E8F7-2956-49D2-97CC-1663CB034DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q2:*:*:*:*:*:*",
              "matchCriteriaId": "591C01C3-6C5C-4F28-BFA6-13E147DA7FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q2.1:*:*:*:*:*:*",
              "matchCriteriaId": "7CBDA2E6-3423-4ADD-9CE7-7BC9C4492D6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q2.2:*:*:*:*:*:*",
              "matchCriteriaId": "C1F13954-088C-4192-997E-0743FD9A1E5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q2.3:*:*:*:*:*:*",
              "matchCriteriaId": "1C0E114C-B067-4181-9738-F55FB9978B36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q3:*:*:*:*:*:*",
              "matchCriteriaId": "B2E7FA76-7010-49D5-956F-C989790B25E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q3.1:*:*:*:*:*:*",
              "matchCriteriaId": "76060308-900A-4ACB-A5F8-B1ECC5D3705D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q3.2:*:*:*:*:*:*",
              "matchCriteriaId": "1BFBED77-EB95-404C-BD00-7137F60B1F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q3.3:*:*:*:*:*:*",
              "matchCriteriaId": "632A718E-D6CB-4632-8CFC-1708A64E25B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q3.4:*:*:*:*:*:*",
              "matchCriteriaId": "4B5DA832-9927-45FE-9B9D-32D34C66CF38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q3.5:*:*:*:*:*:*",
              "matchCriteriaId": "620EBCD9-5785-40A5-A8F3-2B3240D5AC45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q4:*:*:*:*:*:*",
              "matchCriteriaId": "71AAD671-4A8C-4154-AE18-A3F0C31033C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q4.1:*:*:*:*:*:*",
              "matchCriteriaId": "44A153C0-53CA-49C9-A2CF-5454CC2167D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q4.2:*:*:*:*:*:*",
              "matchCriteriaId": "E574310A-19DF-4555-BA04-061B75C9992C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr18q4.3:*:*:*:*:*:*",
              "matchCriteriaId": "F5562198-EE67-4A3B-8C98-FC322AA5EA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr19q1:*:*:*:*:*:*",
              "matchCriteriaId": "3B7E3C78-7094-4D34-878B-E3748CE26ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr19q1.1:*:*:*:*:*:*",
              "matchCriteriaId": "6507AA36-19E6-4D95-9642-AE0DB481D2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:pr19q1.2:*:*:*:*:*:*",
              "matchCriteriaId": "3894F258-5A1A-4BF1-A042-1A0BAB8AB5C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value."
    },
    {
      "lang": "es",
      "value": "ERP de Openbravo anterior a versi\u00f3n 3.0PR19Q1.3, est\u00e1 afectada por el Salto de Directorio. Esta vulnerabilidad podr\u00eda permitir a los atacantes autenticados remotos reemplazar un archivo en el servidor por medio del valor de inpKey de la funci\u00f3n getAttachmentDirectoryForNewAttachment."
    }
  ],
  "id": "CVE-2019-14362",
  "lastModified": "2024-11-21T04:26:35.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-28T18:15:11.043",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://grep.blog/directory-traversal-openbravo/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.openbravo.com/view.php?id=41413"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://grep.blog/directory-traversal-openbravo/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.openbravo.com/view.php?id=41413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-9437

Vulnerability from fkie_nvd - Published: 2017-06-05 14:29 - Updated: 2025-04-20 01:37
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
References
cve@mitre.orghttps://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
openbravo openbravo_erp 3.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B84F73C6-E951-40BB-8C36-BCBCB79662D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code."
    },
    {
      "lang": "es",
      "value": "Openbravo Business Suite versi\u00f3n 3.0, est\u00e1 afectado por la inyecci\u00f3n SQL. Esta vulnerabilidad podr\u00eda permitir a los atacantes autenticados remotos inyectar c\u00f3digo SQL arbitrario."
    }
  ],
  "id": "CVE-2017-9437",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-05T14:29:00.733",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-3617

Vulnerability from fkie_nvd - Published: 2013-11-02 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
References
cret@cert.orghttp://www.kb.cert.org/vuls/id/533894Exploit, US Government Resource
cret@cert.orghttp://www.securityfocus.com/bid/63431Exploit
cret@cert.orghttps://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/533894Exploit, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/63431Exploit
af854a3a-2127-422b-91ae-364da2661108https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
Impacted products
Vendor Product Version
openbravo openbravo_erp *
openbravo openbravo_erp 2.40
openbravo openbravo_erp 2.50
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "856429C7-7977-45DF-BA55-A319C87F22E3",
              "versionEndIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E5C029-509F-4005-B428-AC35F16F8A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbravo:openbravo_erp:2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C864621-1CB9-4753-A184-3CD65FD01CFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue."
    },
    {
      "lang": "es",
      "value": "La API XML en Openbravo ERP 2.5, 3.0 y anteriores permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de un documento XML con una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad en /ws/dal/ADUser u otra interfaz /ws/dal/XXX, esta relacionado con un problema XML External Entity (XXE)."
    }
  ],
  "id": "CVE-2013-3617",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-02T19:55:04.523",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/533894"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/63431"
    },
    {
      "source": "cret@cert.org",
      "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/533894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/63431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-14362 (GCVE-0-2019-14362)

Vulnerability from cvelistv5 – Published: 2019-07-28 17:26 – Updated: 2024-08-05 00:12
VLAI?
Summary
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:12:43.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://grep.blog/directory-traversal-openbravo/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.openbravo.com/view.php?id=41413"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-28T17:26:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://grep.blog/directory-traversal-openbravo/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.openbravo.com/view.php?id=41413"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14362",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/",
              "refsource": "MISC",
              "url": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/"
            },
            {
              "name": "https://grep.blog/directory-traversal-openbravo/",
              "refsource": "MISC",
              "url": "https://grep.blog/directory-traversal-openbravo/"
            },
            {
              "name": "https://issues.openbravo.com/view.php?id=41413",
              "refsource": "MISC",
              "url": "https://issues.openbravo.com/view.php?id=41413"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14362",
    "datePublished": "2019-07-28T17:26:06",
    "dateReserved": "2019-07-28T00:00:00",
    "dateUpdated": "2024-08-05T00:12:43.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9437 (GCVE-0-2017-9437)

Vulnerability from cvelistv5 – Published: 2017-06-05 14:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:11:01.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-05T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9437",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005",
              "refsource": "MISC",
              "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9437",
    "datePublished": "2017-06-05T14:00:00Z",
    "dateReserved": "2017-06-05T00:00:00Z",
    "dateUpdated": "2024-09-17T00:06:04.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3617 (GCVE-0-2013-3617)

Vulnerability from cvelistv5 – Published: 2013-11-02 19:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://community.rapid7.com/community/metasploit… x_refsource_MISC
http://www.kb.cert.org/vuls/id/533894 third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/bid/63431 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
          },
          {
            "name": "VU#533894",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/533894"
          },
          {
            "name": "63431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-02T19:00:00Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
        },
        {
          "name": "VU#533894",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/533894"
        },
        {
          "name": "63431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-3617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
            },
            {
              "name": "VU#533894",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/533894"
            },
            {
              "name": "63431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2013-3617",
    "datePublished": "2013-11-02T19:00:00Z",
    "dateReserved": "2013-05-21T00:00:00Z",
    "dateUpdated": "2024-09-17T02:36:55.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-14362 (GCVE-0-2019-14362)

Vulnerability from nvd – Published: 2019-07-28 17:26 – Updated: 2024-08-05 00:12
VLAI?
Summary
Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:12:43.491Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://grep.blog/directory-traversal-openbravo/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.openbravo.com/view.php?id=41413"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-28T17:26:06",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://grep.blog/directory-traversal-openbravo/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.openbravo.com/view.php?id=41413"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14362",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/",
              "refsource": "MISC",
              "url": "https://www.sitincloud.com/securite/directory-traversal-openbravo-erp/"
            },
            {
              "name": "https://grep.blog/directory-traversal-openbravo/",
              "refsource": "MISC",
              "url": "https://grep.blog/directory-traversal-openbravo/"
            },
            {
              "name": "https://issues.openbravo.com/view.php?id=41413",
              "refsource": "MISC",
              "url": "https://issues.openbravo.com/view.php?id=41413"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14362",
    "datePublished": "2019-07-28T17:26:06",
    "dateReserved": "2019-07-28T00:00:00",
    "dateUpdated": "2024-08-05T00:12:43.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9437 (GCVE-0-2017-9437)

Vulnerability from nvd – Published: 2017-06-05 14:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:11:01.598Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-05T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9437",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005",
              "refsource": "MISC",
              "url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9437",
    "datePublished": "2017-06-05T14:00:00Z",
    "dateReserved": "2017-06-05T00:00:00Z",
    "dateUpdated": "2024-09-17T00:06:04.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-3617 (GCVE-0-2013-3617)

Vulnerability from nvd – Published: 2013-11-02 19:00 – Updated: 2024-09-17 02:36
VLAI?
Summary
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://community.rapid7.com/community/metasploit… x_refsource_MISC
http://www.kb.cert.org/vuls/id/533894 third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/bid/63431 vdb-entryx_refsource_BID
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
          },
          {
            "name": "VU#533894",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/533894"
          },
          {
            "name": "63431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-02T19:00:00Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
        },
        {
          "name": "VU#533894",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/533894"
        },
        {
          "name": "63431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-3617",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
            },
            {
              "name": "VU#533894",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/533894"
            },
            {
              "name": "63431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2013-3617",
    "datePublished": "2013-11-02T19:00:00Z",
    "dateReserved": "2013-05-21T00:00:00Z",
    "dateUpdated": "2024-09-17T02:36:55.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}