CVE-2020-9496 - Deserialization of Untrusted Data vulnerability in Apache OFBiz 17.12.03

CVSS 6.1 - MEDIUM

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE

Tags: network, low complexity, apache, CWE-502

Summary

XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.

Vulnerable Configurations

Part          Description   Count
Application   Apache        1

Common Weakness Enumeration (CWE)