Published: 12/04/2016 Updated: 09/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache OFBiz 12.04.x prior to 12.04.06 and 13.07.x prior to 13.07.03 allow remote malicious users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Affected Products

Vendor Product Versions
ApacheOfbiz12.04.01, 12.04.02, 12.04.03, 12.04.04, 12.04.05, 13.07.01, 13.07.02

Github Repositories

Java-Deserialization-Cheat-Sheet A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries Please, use #javadeser hash tag for tweets Table of content Java Native Serialization (binary) Overview Main talks & presentations & docs Payload generators Exploits Detect Vulnerable apps (without