List: oss-security
Subject: [oss-security] [CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication
From: Jacques Le Roux <jacques.le.roux () les7arts ! com>
Date: 2020-07-15 12:52:11
Message-ID: 27251059-4261-01a9-e26c-488701ddffe6 () les7arts ! com
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.03
Description:
Apache OFBiz XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues.
Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716
----
Credit:
Alvaro Munoz from GitHub Security Lab team <pwntester@github.com>
References:
https://ofbiz.apache.org/security.html