Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache ofbiz vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-10073
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks. Mitigation: Upgrade to 16.11.06 or manually apply the following commits on branch 16.11: 1858438, 1858...
Apache Ofbiz
5.3
CVSSv3
CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz prior to 17.12.04
Apache Ofbiz
7.5
CVSSv3
CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.1...
Apache Ofbiz
9.8
CVSSv3
CVE-2024-45507
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: prior to 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Apache Ofbiz
9.8
CVSSv3
CVE-2022-29063
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and previous versions, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a serve...
Apache Ofbiz
1 Github repository
7.5
CVSSv3
CVE-2022-29158
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
Apache Ofbiz
9.8
CVSSv3
CVE-2021-37608
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an malicious user to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/...
Apache Ofbiz
9.8
CVSSv3
CVE-2024-38856
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: up to and including 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens i...
Apache Ofbiz
6 Github repositories
2 Articles
9.8
CVSSv3
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceC...
Apache Ofbiz
1 Github repository
7.5
CVSSv3
CVE-2022-25813
In Apache OFBiz, versions 18.12.05 and previous versions, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communic...
Apache Ofbiz
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SQL injection
CVE-2024-52320
SQL
logic flaw
CVE-2024-6387
CVE-2024-11457
CVE-2024-11329
CVE-2024-50404
CVE-2023-48788
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »