Ofbiz Security Vulnerabilities and Issues — Ofbiz CVE List

Lucene search

ApacheOfbiz

5 matches found

CVE•added 2021/03/22 12:15 p.m.•303 views

CVE-2021-26295

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

9.8CVSS9.5AI score0.94289EPSS

CVE•added 2021/04/27 8:15 p.m.•122 views

CVE-2021-30128

Apache OFBiz has unsafe deserialization prior to 17.12.07 version

10CVSS9.5AI score0.93353EPSS

CVE•added 2021/04/27 8:15 p.m.•116 views

CVE-2021-29200

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack

9.8CVSS9.6AI score0.92953EPSS

CVE•added 2021/08/18 8:15 a.m.•73 views

CVE-2021-37608

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.

9.8CVSS9.6AI score0.04523EPSS

CVE•added 2021/08/30 2:15 p.m.•39 views

CVE-2021-25958

In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occ...

7.5CVSS6.8AI score0.02088EPSS