Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ofbiz vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49070
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: prior to 18.12.10. Users are recommended to upgrade to version 18.12.10
Apache Ofbiz
15 Github repositories
1 Article
NA
CVE-2023-51467
The vulnerability permits malicious users to circumvent authentication processes, enabling them to remotely execute arbitrary code
Apache Ofbiz
1 Metasploit module
18 Github repositories
1 Article
7.5
CVSSv2
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceC...
Apache Ofbiz
1 Github repository
7.5
CVSSv2
CVE-2021-26295
Apache OFBiz has unsafe deserialization before 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
Apache Ofbiz
8 Github repositories
NA
CVE-2023-46819
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: prior to 18.12.09. Users are recommended to upgrade to version 18.12.09
Apache Ofbiz
7.5
CVSSv2
CVE-2021-29200
Apache OFBiz has unsafe deserialization before 17.12.07 version An unauthenticated user can perform an RCE attack
Apache Ofbiz
7.5
CVSSv2
CVE-2018-17200
The Apache OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the `serviceContent` parameter in the request and deserializes it using XStream. This `XStream` ins...
Apache Ofbiz
5
CVSSv2
CVE-2021-25958
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with ...
Apache Ofbiz
7.5
CVSSv2
CVE-2016-2170
Apache OFBiz 12.04.x prior to 12.04.06 and 13.07.x prior to 13.07.03 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Apache Ofbiz
6.8
CVSSv2
CVE-2006-6587
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote malicious users to inject arbitrary web script or HTML by posting a message.
Apache Ofbiz
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »