Posted to user@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2020/07/15 12:52:00 UTC

[CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication

Severity:
Important

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz 17.12.03

Description:
Apache OFBiz XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues.

Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716
----

Credit:
Alvaro Munoz from GitHub Security Lab team <pw...@github.com>

References:
https://ofbiz.apache.org/security.html