OFBiz Security Vulnerabilities - CVSS Score 5 - 6

CVE-2019-12426

An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-02-06 05:15 PM

CVE-2020-13923

IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04

5.3 CVSS

5.3 AI Score

0.005 EPSS

2020-07-15 04:15 PM

CVE-2022-25370

Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious u...

5.4 CVSS

5.3 AI Score

0.002 EPSS

2022-09-02 07:15 AM

CVE-2023-46819

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09.

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-11-07 11:15 AM

CVE-2024-23946

Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2024-02-29 01:44 AM