[CVE-2019-0235 ] Apache OFBiz multiple CSRF vulnerabilities

2020-04-30 Thread jler...@apache.org
Severity: Important Vendor: The Apache Software Foundation Versions Affected: OFBiz 17.12.01 Description: Apache OFBiz is vulnerable to CSRF attacks Mitigation: Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470 Credit: Initially known by the OFBiz security team

[CVE-2019-12425] Apache OFBiz Host Header Injection

2020-04-30 Thread jler...@apache.org
Severity: Important Vendor: The Apache Software Foundation Versions Affected: OFBiz 17.12.01 Description: Apache OFBiz is vulnerable to Host header injection by accepting arbitrary hosts Mitigation: Upgrade to 17.12.03 or manually apply the commit at OFBIZ-11583 Credit: Pradeep

[CVE-2019-0235 ] Apache OFBiz multiple CSRF vulnerabilities

2020-04-30 Thread jler...@apache.org
Severity: Important Vendor: The Apache Software Foundation Versions Affected: OFBiz 17.12.01 Description: Apache OFBiz is vulnerable to CSRF attacks Mitigation: Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470 Credit: Initially known by the OFBiz security team

[CVE-2020-13923] IDOR in Apache OFBiz

2020-07-15 Thread jler...@apache.org
Severity: Important Vendor: The Apache Software Foundation Versions Affected: All versions < 17.12.04 Description: IDOR vulnerability in the order processing feature from ecommerce component. Mitigation: Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11836 Credit: Harshit

[CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication

2020-07-15 Thread jler...@apache.org
Severity: Important Vendor: The Apache Software Foundation Versions Affected: OFBiz 17.12.03 Description: Apache OFBiz XML-RPC request areĀ  vulnerable to unsafe deserialization and Cross-Site Scripting issues. Mitigation: Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716