Apache OFBiz XML-RPC remote code execution vulnerability (CVE-2023-49070)

Apache OFBiz is an open source product for enterprise process automation. It includes framework components and business applications for ERP, CRM, e-commerce, supply chain management and manufacturing resource planning. Apache OFBiz before version 18.12.10 contains a remote code execution vulnerability: because the XML-RPC component is no longer maintained, an authenticated attacker can use XML-RPC to achieve remote code execution and take control of the server.

Vulnerability description

Apache OFBiz before version 18.12.10 contains a remote code execution vulnerability. Because the XML-RPC component is no longer maintained, an authenticated attacker can use XML-RPC to achieve remote code execution and take control of the server.

Vulnerability status:

Vulnerability details: Undisclosed
PoC: Found
EXP: Not found
Use in the wild: Not found

Impact of the vulnerability:

Apache OFBiz versions before 18.12.10

Vulnerability verification:


Bug fixes:

The vulnerability has been fixed. Affected users should upgrade Apache OFBiz to version 18.12.10 or later: https://ofbiz.apache.org/download.html

Reference links

https://ofbiz.apache.org/security.html

https://seclists.org/oss-sec/2023/q4/257

https://github.com/apache/ofbiz-framework/commit/c59336f604


Original article by lyon, if reproduced, please credit: https://www.cncso.com/en/apache-obiz-remote-code-execution-vulnerability.html
