Ofbiz Security Vulnerabilities - 2023

CVE-2022-47501

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.

7.5 CVSS

7.5 AI Score

0.069 EPSS

2023-04-14 04:15 PM
52
CVE-2023-46819

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09.

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-11-07 11:15 AM
24
CVE-2023-49070

Pre-auth RCE in Apache OFBiz 18.12.09. It is due to XML-RPC, which is no longer maintained, still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10.

9.8 CVSS

9.4 AI Score

0.846 EPSS

2023-12-05 08:15 AM
58
In Wild
CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user operates a URI call without authorizations. The same URI can be operated to realize an SSRF attack, also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this...

7.5 CVSS

7.4 AI Score

0.409 EPSS

2023-12-26 12:15 PM
37
CVE-2023-51467

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.

9.8 CVSS

9.7 AI Score

0.69 EPSS

2023-12-26 03:15 PM
117
In Wild