Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2016-4462

By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2016-4462
  • Apache » Ofbiz » Version: 11.04
    cpe:2.3:a:apache:ofbiz:11.04
  • Apache » Ofbiz » Version: 11.04.01
    cpe:2.3:a:apache:ofbiz:11.04.01
  • Apache » Ofbiz » Version: 11.04.02
    cpe:2.3:a:apache:ofbiz:11.04.02
  • Apache » Ofbiz » Version: 11.04.03
    cpe:2.3:a:apache:ofbiz:11.04.03
  • Apache » Ofbiz » Version: 11.04.04
    cpe:2.3:a:apache:ofbiz:11.04.04
  • Apache » Ofbiz » Version: 11.04.05
    cpe:2.3:a:apache:ofbiz:11.04.05
  • Apache » Ofbiz » Version: 11.04.06
    cpe:2.3:a:apache:ofbiz:11.04.06
  • Apache » Ofbiz » Version: 12.04
    cpe:2.3:a:apache:ofbiz:12.04
  • Apache » Ofbiz » Version: 12.04.01
    cpe:2.3:a:apache:ofbiz:12.04.01
  • Apache » Ofbiz » Version: 12.04.02
    cpe:2.3:a:apache:ofbiz:12.04.02
  • Apache » Ofbiz » Version: 12.04.03
    cpe:2.3:a:apache:ofbiz:12.04.03
  • Apache » Ofbiz » Version: 12.04.04
    cpe:2.3:a:apache:ofbiz:12.04.04
  • Apache » Ofbiz » Version: 12.04.05
    cpe:2.3:a:apache:ofbiz:12.04.05
  • Apache » Ofbiz » Version: 12.04.06
    cpe:2.3:a:apache:ofbiz:12.04.06
  • Apache » Ofbiz » Version: 13.07
    cpe:2.3:a:apache:ofbiz:13.07
  • Apache » Ofbiz » Version: 13.07.01
    cpe:2.3:a:apache:ofbiz:13.07.01
  • Apache » Ofbiz » Version: 13.07.02
    cpe:2.3:a:apache:ofbiz:13.07.02
  • Apache » Ofbiz » Version: 13.07.03
    cpe:2.3:a:apache:ofbiz:13.07.03


Products
Pricing
Contact Us

Shodan ® - All rights reserved