Pre-auth RCE in Apache Ofbiz 18.12.09.
It's due to XML-RPC no longer maintained still present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10
References
Configurations
History
21 Nov 2024, 08:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () http://packetstormsecurity.com/files/176323/Apache-OFBiz-18.12.09-Remote-Code-Execution.html - | |
References | () https://issues.apache.org/jira/browse/OFBIZ-12812 - Issue Tracking, Patch | |
References | () https://lists.apache.org/thread/jmbqk2lp4t4483whzndp5xqlq4f3otg3 - Mailing List | |
References | () https://ofbiz.apache.org/download.html - Product | |
References | () https://ofbiz.apache.org/release-notes-18.12.10.html - Release Notes | |
References | () https://ofbiz.apache.org/security.html - Vendor Advisory |
29 Dec 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Dec 2023, 15:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* | |
References | () https://ofbiz.apache.org/security.html - Vendor Advisory | |
References | () https://ofbiz.apache.org/release-notes-18.12.10.html - Release Notes | |
References | () https://issues.apache.org/jira/browse/OFBIZ-12812 - Issue Tracking, Patch | |
References | () https://ofbiz.apache.org/download.html - Product | |
References | () https://lists.apache.org/thread/jmbqk2lp4t4483whzndp5xqlq4f3otg3 - Mailing List |
05 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-05 08:15
Updated : 2024-11-21 08:32
NVD link : CVE-2023-49070
Mitre link : CVE-2023-49070
CVE.ORG link : CVE-2023-49070
JSON object : View
Products Affected
apache
- ofbiz
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')