QwikSec

Security Database

CVE

CWE

Training

CVE-2021-29200

Published: Apr 27, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack

Vendor	Product	Versions
Apache Software Foundation	Apache OFBiz	affected `Apache OFBiz - < 17.12.07`

References

https://lists.apache.org/thread.html/re21d25d9fb89e36cea910633779c23f144b9b60596b113b7bf1e8097%40%3Cdev.ofbiz.apache.org%3E

x_refsource_MISC

[oss-security] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

mailing-list

x_refsource_MLIST

[ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12216) Fixed UtilObject class [CVE-2021-29200]

mailing-list

x_refsource_MLIST

[ofbiz-user] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

mailing-list

x_refsource_MLIST

[ofbiz-dev] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07

mailing-list

x_refsource_MLIST

[announce] 20210427 [CVE-2021-29200] RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

mailing-list

x_refsource_MLIST

[ofbiz-commits] 20210811 [ofbiz-site] branch master updated: Updates security page for CVE-2021-37608 fixed in 17.12.08

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.