Vulnerabilities
Vulnerable Software
Apache OFBiz 10.04.05: Security Vulnerabilities
CVE-2024-32113
Known exploited
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
CVSS Score: 9.8
EPSS Score: 0.94
Published: 2024-05-08
Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, which fixes the issue.
CVSS Score: 9.1
EPSS Score: 0.011
Published: 2024-02-29
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue.
CVSS Score: 5.3
EPSS Score: 0.036
Published: 2024-02-29
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.
CVSS Score: 9.8
EPSS Score: 0.94
Published: 2023-12-26
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user issues a URI call without authorization. The same URI can also be used to perform an SSRF attack without authorization. Users are recommended to upgrade to version 18.12.11, which fixes this issue.
CVSS Score: 7.5
EPSS Score: 0.829
Published: 2023-12-26
Pre-auth RCE in Apache OFBiz 18.12.09. It is caused by the no longer maintained XML-RPC component still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10.
CVSS Score: 9.8
EPSS Score: 0.94
Published: 2023-12-05
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09.
CVSS Score: 5.3
EPSS Score: 0.003
Published: 2023-11-07
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.
CVSS Score: 7.5
EPSS Score: 0.835
Published: 2023-04-14
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
CVSS Score: 5.4
EPSS Score: 0.014
Published: 2022-09-02
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
CVSS Score: 9.8
EPSS Score: 0.013
Published: 2022-09-02
Shodan ® - All rights reserved