Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache ofbiz vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-25370
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and previous versions versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), a...
Apache Ofbiz
5.3
CVSSv3
CVE-2024-23946
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue.
Apache Ofbiz
5.3
CVSSv3
CVE-2023-46819
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: prior to 18.12.09. Users are recommended to upgrade to version 18.12.09
Apache Ofbiz
5.3
CVSSv3
CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz prior to 17.12.04
Apache Ofbiz
5.3
CVSSv3
CVE-2019-12426
an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06
Apache Ofbiz
NA
CVE-2024-36104
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: prior to 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.
NA
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: prior to 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
2 Github repositories
NA
CVE-2024-25065
Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue.
NA
CVE-2014-0232
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 prior to 11.04.05 and 12.04.01 prior to 12.04.04 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors, which are...
Apache Ofbiz 12.04.01
Apache Ofbiz 12.04.02
Apache Ofbiz 12.04.03
Apache Ofbiz 11.04.01
Apache Ofbiz 11.04.04
Apache Ofbiz 11.04.03
Apache Ofbiz 11.04.02
NA
CVE-2012-1621
Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x prior to 10.04.02 allow remote malicious users to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey par...
Apache Ofbiz 10.04.01
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »