[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerab
From: Deepak Dixit <deepak () apache ! org>
Date: 2023-12-26 12:02:12
Message-ID: 983f05b5-33be-d71b-6798-41a39faa971b () apache ! org
[Download RAW message or body]
Severity: critical
Affected versions:
- Apache OFBiz before 18.12.11
Description:
The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)
This issue is being tracked as OFBIZ-12873
Credit:
Hasib Vhora, Senior Threat Researcher, SonicWall (finder)
Gao Tian (finder)
L0ne1y (finder)
References:
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.11.html
https://issues.apache.org/jira/browse/OFBIZ-12873
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-51467
https://issues.apache.org/jira/browse/OFBIZ-12873
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic