Severity: Minor

Vendor: The Apache Software Foundation

Versions Affected: Apache OFBiz 16.11.01 to 16.11.06

Description: An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale.

Mitigation: Upgrade to 16.11.07

Credit: This issue was discovered by Dennis Balkir <dennis.bal...@ecomify.de>.

References: http://ofbiz.apache.org/security.html