Vulnerability Details CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations.
The same uri can be operated to realize a SSRF attack also without authorizations.
Users are recommended to upgrade to version 18.12.11, which fixes this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.816
EPSS Ranking 99.1%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2023-50968
-
-
cpe:2.3:a:apache:ofbiz:09.04
-
cpe:2.3:a:apache:ofbiz:09.04.01
-
cpe:2.3:a:apache:ofbiz:10.04
-
cpe:2.3:a:apache:ofbiz:10.04.01
-
cpe:2.3:a:apache:ofbiz:10.04.02
-
cpe:2.3:a:apache:ofbiz:10.04.03
-
cpe:2.3:a:apache:ofbiz:10.04.04
-
cpe:2.3:a:apache:ofbiz:10.04.05
-
cpe:2.3:a:apache:ofbiz:10.04.06
-
cpe:2.3:a:apache:ofbiz:11.04
-
cpe:2.3:a:apache:ofbiz:11.04.01
-
cpe:2.3:a:apache:ofbiz:11.04.02
-
cpe:2.3:a:apache:ofbiz:11.04.03
-
cpe:2.3:a:apache:ofbiz:11.04.04
-
cpe:2.3:a:apache:ofbiz:11.04.05
-
cpe:2.3:a:apache:ofbiz:11.04.06
-
cpe:2.3:a:apache:ofbiz:12.04
-
cpe:2.3:a:apache:ofbiz:12.04.01
-
cpe:2.3:a:apache:ofbiz:12.04.02
-
cpe:2.3:a:apache:ofbiz:12.04.03
-
cpe:2.3:a:apache:ofbiz:12.04.04
-
cpe:2.3:a:apache:ofbiz:12.04.05
-
cpe:2.3:a:apache:ofbiz:12.04.06
-
cpe:2.3:a:apache:ofbiz:13.07
-
cpe:2.3:a:apache:ofbiz:13.07.01
-
cpe:2.3:a:apache:ofbiz:13.07.02
-
cpe:2.3:a:apache:ofbiz:13.07.03
-
cpe:2.3:a:apache:ofbiz:16.11.01
-
cpe:2.3:a:apache:ofbiz:16.11.02
-
cpe:2.3:a:apache:ofbiz:16.11.03
-
cpe:2.3:a:apache:ofbiz:16.11.04
-
cpe:2.3:a:apache:ofbiz:16.11.05
-
cpe:2.3:a:apache:ofbiz:16.11.06
-
cpe:2.3:a:apache:ofbiz:16.11.07
-
cpe:2.3:a:apache:ofbiz:17.12.01
-
cpe:2.3:a:apache:ofbiz:17.12.03
-
cpe:2.3:a:apache:ofbiz:17.12.04
-
cpe:2.3:a:apache:ofbiz:17.12.05
-
cpe:2.3:a:apache:ofbiz:17.12.06
-
cpe:2.3:a:apache:ofbiz:17.12.07
-
cpe:2.3:a:apache:ofbiz:17.12.08
-
cpe:2.3:a:apache:ofbiz:17.12.09
-
cpe:2.3:a:apache:ofbiz:18.12.01
-
cpe:2.3:a:apache:ofbiz:18.12.02
-
cpe:2.3:a:apache:ofbiz:18.12.03
-
cpe:2.3:a:apache:ofbiz:18.12.04
-
cpe:2.3:a:apache:ofbiz:18.12.05
-
cpe:2.3:a:apache:ofbiz:18.12.06
-
cpe:2.3:a:apache:ofbiz:18.12.07
-
cpe:2.3:a:apache:ofbiz:18.12.09
-
cpe:2.3:a:apache:ofbiz:18.12.10
-
cpe:2.3:a:apache:ofbiz:9.04
-
cpe:2.3:a:apache:ofbiz:9.04.01
-
cpe:2.3:a:apache:ofbiz:9.04.02