oss-sec mailing list archives

[CVE-2019-0235] Apache OFBiz multiple CSRF vulnerabilities


From: Jacques Le Roux <jacques.le.roux () les7arts com>
Date: Thu, 30 Apr 2020 15:56:06 +0200

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.01

Description:
Apache OFBiz is vulnerable to cross-site request forgery (CSRF) attacks.

Mitigation:
Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
----

Credit:
Initially known by the OFBiz security team (OFBIZ-10427),
also reported later by
Man Yue Mo via RT <security-reports () semmle com>
Shuibo Ye <shuiboye () gmail com>
Vikash Patnaik <vikash.patnaik () outlook com>
Sonali Agrahari <sonaliagrahari8 () gmail com>
Girish Vasmatkar <girish.vasmatkar () hotwaxsystems com>
Dinesh Kumar Mohanty <kiitkp03 () gmail com>
Jason Nordenstam <j.nordenstam () offensive-security com>
Pradeep Jairamani <pradeepjairamani22 () gmail com>
Faiz Zaidi <faizzaidi17 () gmail com>

References:
https://ofbiz.apache.org/security.html
