Published: 26/12/2023 Updated: 04/01/2024

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache ofbiz

oss-sec mailing list archives   By Date By Thread </form>    CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack  <!--X-Head-of-Mess ...

CWE-918 https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html https://ofbiz.apache.org/release-notes-18.12.11.html https://issues.apache.org/jira/browse/OFBIZ-12875 https://lists.apache.org/thread/x5now4bk3llwf3k58kl96qvtjyxwp43q http://www.openwall.com/lists/oss-security/2023/12/26/2 https://nvd.nist.gov https://seclists.org/oss-sec/2023/q4/336

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-50968

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect