CVE-2023-49070: Pre-auth RCE in Apache OFBiz 18.12.09 due to XML-RPC still present

2023-12-04 Jacques Le Roux
Severity: moderate

Affected versions:

- Apache OFBiz before 18.12.10

Description:

Pre-auth RCE in Apache OFBiz 18.12.09.

It's due to XML-RPC, which is no longer maintained, still being present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10.

This issue is being tracked as OFBIZ-12812.

Credit:

Siebene@ (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.10.html
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-49070
https://issues.apache.org/jira/browse/OFBIZ-12812



[ANNOUNCE] Apache OFBiz 18.12.10 released

2023-12-04 Jacopo Cappellato
The Apache OFBiz community is pleased to announce the new release "Apache
OFBiz 18.12.10".

Apache OFBiz® is an open source product for the automation of enterprise
processes that includes framework components and business applications.

http://ofbiz.apache.org/

"Apache OFBiz 18.12.10" is the tenth release of the 18.12 series.

For details of the changes introduced with this new version
please refer to http://ofbiz.apache.org/release-notes-18.12.10.html

The history of security related fixes included in each release is
available here:
https://ofbiz.apache.org/security.html

The release files can be downloaded following the instructions in the OFBiz
download page:

http://ofbiz.apache.org/download.html