Vulnerabilities > Apache > Ofbiz > 17.12.03

DATE CVE VULNERABILITY TITLE RISK
2021-03-22 CVE-2021-26295 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to 17.12.06.
network
low complexity
apache CWE-502
critical
 9.8
9.8
2020-07-15 CVE-2020-9496 Deserialization of Untrusted Data vulnerability in Apache Ofbiz 17.12.03
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
network
low complexity
apache CWE-502
6.1
6.1
2020-07-15 CVE-2020-13923 Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04
network
low complexity
apache CWE-639
5.3
5.3