Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache ofbiz vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-46819
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: prior to 18.12.09. Users are recommended to upgrade to version 18.12.09
Apache Ofbiz
7.5
CVSSv3
CVE-2022-25813
In Apache OFBiz, versions 18.12.05 and previous versions, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communic...
Apache Ofbiz
1 Github repository
6.1
CVSSv3
CVE-2019-10073
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858...
Apache Ofbiz
9.8
CVSSv3
CVE-2019-10074
An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request "story" input in the Order Manager application. Encoding should not be disabled wit...
Apache Ofbiz
9.8
CVSSv3
CVE-2022-29063
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and previous versions, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a serve...
Apache Ofbiz
1 Github repository
7.5
CVSSv3
CVE-2022-29158
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
Apache Ofbiz
9.8
CVSSv3
CVE-2021-30128
Apache OFBiz has unsafe deserialization before 17.12.07 version
Apache Ofbiz
2 Github repositories
NA
CVE-2006-6588
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote malicious users to create unauthorized types of content, modify cont...
Apache Ofbiz
7.5
CVSSv3
CVE-2021-25958
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with ...
Apache Ofbiz
9.8
CVSSv3
CVE-2018-17200
The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` ins...
Apache Ofbiz
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »