Vulnerabilities > Apache > Ofbiz > 17.12.01

DATE CVE VULNERABILITY TITLE RISK
2024-02-29 CVE-2024-23946 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue.
network
low complexity
apache CWE-434
5.3
2023-12-26 CVE-2023-51467 Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
network
low complexity
apache CWE-918
critical
9.8
2023-12-26 CVE-2023-50968 Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.
network
low complexity
apache CWE-918
7.5
2023-12-05 CVE-2023-49070 Code Injection vulnerability in Apache Ofbiz
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
network
low complexity
apache CWE-94
critical
9.8
2023-11-07 CVE-2023-46819 Missing Authentication for Critical Function vulnerability in Apache Ofbiz
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09.  Users are recommended to upgrade to version 18.12.09
network
low complexity
apache CWE-306
5.3
2023-04-14 CVE-2022-47501 Path Traversal vulnerability in Apache Ofbiz
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin.
network
low complexity
apache CWE-22
7.5
2022-09-02 CVE-2022-25371 Path Traversal vulnerability in Apache Ofbiz
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports.
network
low complexity
apache CWE-22
critical
9.8
2022-09-02 CVE-2022-29158 Unspecified vulnerability in Apache Ofbiz
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users.
network
low complexity
apache
7.5
2021-08-30 CVE-2021-25958 Information Exposure Through an Error Message vulnerability in Apache Ofbiz
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon.
network
low complexity
apache CWE-209
5.0
2021-08-18 CVE-2021-37608 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands.
network
low complexity
apache CWE-434
critical
9.8