Vulnerabilities > Apache > Ofbiz

DATE CVE VULNERABILITY TITLE RISK
2022-09-02 CVE-2022-25370 Cross-site Scripting vulnerability in Apache Ofbiz
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports.
network
low complexity
apache CWE-79
5.4
2022-09-02 CVE-2022-25371 Unspecified vulnerability in Apache Ofbiz
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports.
network
low complexity
apache
critical
9.8
2022-09-02 CVE-2022-25813 Code Injection vulnerability in Apache Ofbiz
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page.
network
low complexity
apache CWE-94
7.5
2022-09-02 CVE-2022-29063 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099.
network
low complexity
apache CWE-502
critical
9.8
2022-09-02 CVE-2022-29158 Unspecified vulnerability in Apache Ofbiz
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users.
network
low complexity
apache
7.5
2021-08-30 CVE-2021-25958 Information Exposure Through an Error Message vulnerability in Apache Ofbiz
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon.
network
low complexity
apache CWE-209
7.5
2021-08-18 CVE-2021-37608 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands.
network
low complexity
apache CWE-434
critical
9.8
2021-04-27 CVE-2021-30128 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
network
low complexity
apache CWE-502
critical
9.8
2021-04-27 CVE-2021-29200 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
network
low complexity
apache CWE-502
critical
9.8
2021-03-22 CVE-2021-26295 Deserialization of Untrusted Data vulnerability in Apache Ofbiz
Apache OFBiz has unsafe deserialization prior to 17.12.06.
network
low complexity
apache CWE-502
critical
9.8