English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Apache Software Foundation OFBiz 18.12.06

CPE Details

Apache Software Foundation OFBiz 18.12.06
apache
ofbiz
18.12.06
2022-09-07 13:01 +00:00
2022-09-07 14:18 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:apache:ofbiz:18.12.06:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

ofbiz

Version

18.12.06

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-23946 2024-02-28 15:44 +00:00 Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue.
5.3
MEDIUM
CVE-2023-51467 2023-12-26 14:46 +00:00 The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
9.8
CRITICAL
CVE-2023-50968 2023-12-26 11:45 +00:00 Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.
7.5
HIGH
CVE-2023-49070 2023-12-05 08:05 +00:00 Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
9.8
CRITICAL
CVE-2023-46819 2023-11-07 11:02 +00:00 Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09.  Users are recommended to upgrade to version 18.12.09
5.3
MEDIUM
CVE-2022-47501 2023-04-14 15:01 +00:00 Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a  pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.
7.5
HIGH
CVE-2006-6588 2022-10-03 14:21 +00:00 The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
7.5
CVE-2006-6587 2006-12-15 18:00 +00:00 Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
6.8
CVE-2006-6589 2006-12-15 18:00 +00:00 Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
6.8

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.