Vulnerabilities > Apache > Ofbiz > 11.04.03
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-14 | CVE-2022-47501 | Unspecified vulnerability in Apache Ofbiz. Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. | 7.5 |
2022-09-02 | CVE-2022-25370 | Cross-site Scripting vulnerability in Apache Ofbiz. Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. | 5.4 |
2022-09-02 | CVE-2022-25371 | Unspecified vulnerability in Apache Ofbiz. Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. | 9.8 |
2022-09-02 | CVE-2022-25813 | Code Injection vulnerability in Apache Ofbiz. In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message "Subject" field from the "Contact us" page. | 7.5 |
2022-09-02 | CVE-2022-29063 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz. The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. | 9.8 |
2022-09-02 | CVE-2022-29158 | Unspecified vulnerability in Apache Ofbiz. Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. | 7.5 |
2021-08-18 | CVE-2021-37608 | Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz. Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. | 9.8 |
2021-04-27 | CVE-2021-30128 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz. Apache OFBiz has unsafe deserialization prior to 17.12.07 version. | 9.8 |
2021-04-27 | CVE-2021-29200 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz. Apache OFBiz has unsafe deserialization prior to 17.12.07 version. An unauthenticated user can perform an RCE attack. | 9.8 |
2021-03-22 | CVE-2021-26295 | Deserialization of Untrusted Data vulnerability in Apache Ofbiz. Apache OFBiz has unsafe deserialization prior to 17.12.06. | 9.8 |