An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.
CVSS: 5.3, AI Score: 5.2, EPSS: 0.001
IDOR vulnerability in the order processing feature of the ecommerce component of Apache OFBiz before 17.12.04.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.005
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious u...
CVSS: 5.4, AI Score: 5.3, EPSS: 0.002
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09.
CVSS: 5.3, AI Score: 5.3, EPSS: 0.001
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue.
CVSS: 5.3, AI Score: 5.2, EPSS: 0.001