oss-sec mailing list archives
[SECURITY] CVE-2019-12426 information disclosure vulnerability in Apache OFBiz
From: Jacopo Cappellato <jacopoc () apache org>
Date: Thu, 6 Feb 2020 15:25:27 +0100
Severity: Minor

Vendor: The Apache Software Foundation

Versions Affected: Apache OFBiz 16.11.01 to 16.11.06

Description: an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale.

Mitigation: Upgrade to 16.11.07

Credit: This issue was discovered by Dennis Balkir <dennis.balkir () ecomify de>.

References: http://ofbiz.apache.org/security.html