Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
References
Configurations
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
20 Sep 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 May 2021, 21:16
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097@%3Cuser.ofbiz.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r708351f1a8af7adb887cc3d8a92bed8fcbff4a9e495e69a9ee546fda@%3Cnotifications.ofbiz.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097%40%3Cdev.ofbiz.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/04/27/4 - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097@%3Cdev.ofbiz.apache.org%3E - Mailing List, Vendor Advisory | |
CPE | cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-502 |
27 Apr 2021, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Apr 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-27 20:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-29200
Mitre link : CVE-2021-29200
CVE.ORG link : CVE-2021-29200
JSON object : View
Products Affected
apache
- ofbiz
CWE
CWE-502
Deserialization of Untrusted Data