You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by Jacopo Cappellato <ja...@apache.org> on 2020/02/06 14:25:16 UTC
[SECURITY] CVE-2019-12426 information disclosure vulnerability in
Apache OFBiz
Severity:
Minor
Vendor:
The Apache Software Foundation
Versions Affected:
Apache OFBiz 16.11.01 to 16.11.06
Description:
an unauthenticated user could get access to information of some backend
screens by invoking setSessionLocale.
Mitigation:
Upgrade to 16.11.07
Credit:
This issue was discovered by Dennis Balkir <de...@ecomify.de>.
References:
http://ofbiz.apache.org/security.html