oss-sec mailing list archives
[CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication
From: Jacques Le Roux <jacques.le.roux () les7arts com>
Date: Wed, 15 Jul 2020 14:52:11 +0200
Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: OFBiz 17.12.03

Description: Apache OFBiz XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues.

Mitigation: Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716

----

Credit: Alvaro Munoz from GitHub Security Lab team <pwntester () github com>

References: https://ofbiz.apache.org/security.html