CVE-2016-2170
published 2016-04-12
critical 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ofbiz | — | — |
| apache | ofbiz | >= 12.04 < 12.04.06 | 12.04.06 |
| apache | ofbiz | >= 13.07 < 13.07.03 | 13.07.03 |