QwikSec

Security Database

CVE

CWE

Training

CVE-2020-9496

Published: Jul 15, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

Vendor	Product	Versions
n/a	Apache OFBiz	affected `Apache OFBiz 17.12.03`

References

https://s.apache.org/l0994

x_refsource_MISC

[announce] 20200715 [CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20200716 [jira] [Updated] (OFBIZ-11716) Apache OFBiz unsafe deserialization of XMLRPC arguments (CVE-2020-9496)

mailing-list

x_refsource_MLIST

http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html

x_refsource_MISC

[ofbiz-user] 20201116 [CVE-2020-9496] Apache OFBiz unsafe deserialization of XMLRPC arguments

mailing-list

x_refsource_MLIST

[ofbiz-user] 20201117 Re: [CVE-2020-9496] Apache OFBiz unsafe deserialization of XMLRPC arguments

mailing-list

x_refsource_MLIST

http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html

x_refsource_MISC

[ofbiz-commits] 20210321 [ofbiz-site] branch master updated: Updates security page for CVE-2021-26295 fixed in 17.12.06

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07

mailing-list

x_refsource_MLIST

http://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.