'[oss-security] [CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] [CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication
From:       Jacques Le Roux <jacques.le.roux () les7arts ! com>
Date:       2020-07-15 12:52:11
Message-ID: 27251059-4261-01a9-e26c-488701ddffe6 () les7arts ! com
[Download RAW message or body]

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.03

Description:
Apache OFBiz XML-RPC request are  vulnerable to unsafe deserialization and Cross-Site Scripting issues.

Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716
----

Credit:
Alvaro Munoz from  GitHub Security Lab team <pwntester@github.com>

References:
https://ofbiz.apache.org/security.html

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic