The Apache OFBiz Project Team would like to inform you that OFBiz 17.12.09
is the last release of the 17.12 branch, which has reached its end of life and
will no longer be officially supported.
https://ofbiz.apache.org/release-notes-17.12.09.html
This announcement takes place on 2022-01-21 and
Severity:
High, possible RCE
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.08
Description:
Apache OFBiz has unsafe deserialization prior to version 17.12.08
Mitigation:
Upgrade to at least 17.12.08
or apply patches at
Severity:
High, possible RCE
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.07
Description:
Apache OFBiz has unsafe deserialization prior to version 17.12.07
Mitigation:
Upgrade to at least 17.12.07
or apply patches at
Severity:
High, possible RCE
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.07
Description:
Apache OFBiz has unsafe deserialization prior to version 17.12.07
An unauthenticated user can perform an RCE attack
Mitigation:
Upgrade to at least 17.12.07
or
Severity:
High
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz versions prior to 17.12.06
Description:
Apache OFBiz has unsafe deserialization prior to 17.12.06.
An unauthenticated attacker can use this vulnerability to successfully take
over Apache OFBiz.
Mitigation:
Upgrade
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
All versions < 17.12.04
Description:
IDOR vulnerability in the order processing feature of the ecommerce component.
Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11836
Credit:
Harshit
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.03
Description:
Apache OFBiz XML-RPC requests are vulnerable to unsafe deserialization and
Cross-Site Scripting issues.
Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.01
Description:
Apache OFBiz is vulnerable to CSRF attacks
Mitigation:
Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
Credit:
Initially known by the OFBiz security team
Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.01
Description:
Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts
Mitigation:
Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583
Credit:
Pradeep