This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Apache First view 2020-07-15
Product Ofbiz Last view 2021-04-27
Version 17.12.03 Type Application
Update *  
Edition *  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:apache:ofbiz

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2021-04-27 CVE-2021-30128

Apache OFBiz has unsafe deserialization prior to 17.12.07 version

9.8 2021-04-27 CVE-2021-29200

Apache OFBiz has unsafe deserialization prior to 17.12.07 version. An unauthenticated user can perform an RCE attack.

9.8 2021-03-22 CVE-2021-26295

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

6.1 2020-07-15 CVE-2020-9496

XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

5.3 2020-07-15 CVE-2020-13923

IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04

CWE : Common Weakness Enumeration

% id Name
60% (3) CWE-502 Deserialization of Untrusted Data
20% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (1) CWE-20 Improper Input Validation

Snort® IPS/IDS

Date Description
2020-11-12 Apache OFBiz XMLRPC deserialization attempt
RuleID : 55978 - Type : SERVER-OTHER - Revision : 1