This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Openbravo | First view | 2013-11-02 |
| Product | Openbravo Erp | Last view | 2019-07-28 |
| Version | 3.0 | Type | Application |
| Update | maintenance_pack12 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:openbravo:openbravo_erp | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.4 | 2019-07-28 | CVE-2019-14362 | Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value. |
| 3.5 | 2013-11-02 | CVE-2013-3617 | The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 50% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
