oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication

From: Jacques Le Roux <jacques.le.roux () les7arts com>
Date: Wed, 15 Jul 2020 14:52:11 +0200
Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.03

Description:
Apache OFBiz XML-RPC request areĀ  vulnerable to unsafe deserialization and Cross-Site Scripting issues.

Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716
----

Credit:
Alvaro Munoz fromĀ  GitHub Security Lab team <pwntester () github com>

References:
https://ofbiz.apache.org/security.html
Previous By Date Next
Previous By Thread Next

Current thread: