CVE-2022-47501: 
Apache OFBiz vulnerability analysis and mitigation

An arbitrary file reading vulnerability was discovered in Apache Software Foundation Apache OFBiz when using the Solr plugin (CVE-2022-47501). This pre-authentication vulnerability affects Apache OFBiz versions before 18.12.07. The vulnerability was introduced around 2013 when the Solr plugin was created (OSS Security).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal'). It received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating that it is network-accessible, requires low attack complexity, needs no privileges, requires no user interaction, and can result in high confidentiality impact (NVD).

The vulnerability allows unauthorized attackers to read arbitrary files from the system through the Solr plugin. Given its pre-authentication nature and high CVSS score, this vulnerability poses a significant security risk as it can lead to unauthorized access to sensitive information (NVD).

The vulnerability was fixed in Apache OFBiz version 18.12.07 with commit 582add7d3. Users are strongly encouraged to upgrade to this version or later to address the security issue (Apache OFBiz Security).