Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Ofbiz  Security Vulnerabilities
CVE-2022-29158
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-02
CVE-2021-25958
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs.
CVSS Score
6.5
EPSS Score
0.021
Published
2021-08-30
CVE-2021-37608
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.
CVSS Score
9.8
EPSS Score
0.052
Published
2021-08-18
CVE-2021-29200
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
CVSS Score
9.8
EPSS Score
0.93
Published
2021-04-27
CVE-2021-30128
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
CVSS Score
9.8
EPSS Score
0.934
Published
2021-04-27
CVE-2021-26295
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
CVSS Score
9.8
EPSS Score
0.943
Published
2021-03-22
CVE-2020-13923
IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04
CVSS Score
5.3
EPSS Score
0.025
Published
2020-07-15
CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
CVSS Score
6.1
EPSS Score
0.935
Published
2020-07-15
CVE-2019-0235
Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.
CVSS Score
8.8
EPSS Score
0.26
Published
2020-04-30
CVE-2019-12425
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host
CVSS Score
7.5
EPSS Score
0.022
Published
2020-04-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved