[ANN] Apache Syncope 3.0.6

2023-12-26 Thread Francesco Chicchiriccò
The Apache Syncope team is pleased to announce the release of Syncope 3.0.6. Apache Syncope is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology. Syncope 3.0 Maggiore is now a full-fledged IAM system covering provisioning,

CVE-2023-50968: Apache OFBiz: Arbitrary file properties reading and SSRF attack

2023-12-26 Thread Nicolas Malin
Severity: important. Affected versions: Apache OFBiz through 18.12.10. Description: Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user operates a URI call without authorization. The same URI can be operated to realize an SSRF attack also

CVE-2023-51467: Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability

2023-12-26 Thread Deepak Dixit
Severity: critical. Affected versions: Apache OFBiz before 18.12.11. Description: The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). This issue is being tracked as OFBIZ-12873. Credit: Hasib Vhora, Senior Threat Researcher,
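The two OFBiz advisories above give their affected ranges as "through 18.12.10" and "before 18.12.11", which both mean the fix ships in 18.12.11. The check below is an added example, not code from the advisories or from the OFBiz project: it takes an installed version string (assumed to be plain dotted numerics as OFBiz releases are named) and reports which of the two CVE ids on this page apply. The one point worth showing is that the comparison must be numeric per component; a plain string compare ranks "18.12.9" above "18.12.10" and would mark a vulnerable build as fixed.

```python
"""Affected-version check for the two OFBiz advisories listed on this page.

Added example; the CVE ids and version bounds come from the advisories
above, everything else (function names, input format) is an assumption.
"""
from typing import Dict, List, Tuple

# "through 18.12.10" (CVE-2023-50968) and "before 18.12.11" (CVE-2023-51467)
# describe the same boundary: the first release that is not affected is 18.12.11.
ADVISORIES: Dict[str, str] = {
    "CVE-2023-50968": "18.12.11",
    "CVE-2023-51467": "18.12.11",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '18.12.10' into (18, 12, 10) so comparison is numeric per component.

    A lexical compare would rank '18.12.9' above '18.12.10' and call a
    vulnerable build fixed. Anything that is not plain dotted numerics
    (for example a '-SNAPSHOT' qualifier) is rejected rather than guessed at.
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(installed: str, fixed_in: str) -> bool:
    """True when `installed` is older than the first fixed release.

    Shorter version strings are padded with zeros so that '18.12'
    compares equal to '18.12.0' instead of sorting before it.
    """
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def affected_advisories(installed: str) -> List[str]:
    """Return the CVE ids from this page that apply to `installed`."""
    return [cve for cve, fixed in ADVISORIES.items()
            if is_affected(installed, fixed)]


if __name__ == "__main__":
    # Constructed sample inputs, not versions taken from any real deployment.
    for v in ("18.12.9", "18.12.10", "18.12.11", "18.13"):
        print(f"{v:>9}: {affected_advisories(v) or 'not affected'}")
```

Run it against the version reported by your OFBiz instance; an empty list means neither advisory on this page applies, and a `ValueError` means the version string needs a manual look rather than a silent pass.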