apache ofbiz vulnerabilities and exploits
7.5
CVSSv3
CVE-2021-25958
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement try-catch exception handling at multiple locations but leak sensitive table info, which may aid an attacker in further recon. A user can register with a very long password, but when he tries to log in with...
Apache Ofbiz
9.8
CVSSv3
CVE-2021-37608
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at...
Apache Ofbiz
1 Github repository available
9.8
CVSSv3
CVE-2021-30128
Apache OFBiz has unsafe deserialization prior to 17.12.07 version...
Apache Ofbiz
6 Github repositories available
9.8
CVSSv3
CVE-2021-29200
Apache OFBiz has unsafe deserialization prior to 17.12.07 version. An unauthenticated user can perform an RCE attack...
Apache Ofbiz
4 Github repositories available
9.8
CVSSv3
CVE-2021-26295
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz....
Apache Ofbiz
34 Github repositories available
6.1
CVSSv3
CVE-2020-9496
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...
Apache Ofbiz 17.12.03
24 Github repositories available
5.3
CVSSv3
CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04...
Apache Ofbiz
8.8
CVSSv3
CVE-2019-0235
Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks....
Apache Ofbiz 17.12.01
7.5
CVSSv3
CVE-2019-12425
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host...
Apache Ofbiz 17.12.01
6.1
CVSSv3
CVE-2020-1943
Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07....
Apache Ofbiz
3 Github repositories available