[SECURITY] CVE-2019-12426 information disclosure vulnerability in Apache OFBiz

[Jacopo Cappellato <jacopoc () apache org>]

Severity:
Minor

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 16.11.01 to 16.11.06

Description:
an unauthenticated user could get access to information of some backend
screens by invoking setSessionLocale.

Mitigation:
Upgrade to 16.11.07

Credit:
This issue was discovered by Dennis Balkir <dennis.balkir () ecomify de>.

References:
http://ofbiz.apache.org/security.html