Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0235

Severity
8.8 HIGH
EPSS
11.1%
top 6.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Apr 30
Latest update: May 24

Description

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: apache/ofbiz 17.12.01
CVEListV5: apache/apache_ofbiz 17.12.01

🔴 Vulnerability Details (2)

GHSA
GHSA-5wc5-h2wj-6697: Apache OFBiz 17 | 2022-05-24
CVEList
CVE-2019-0235: Apache OFBiz 17 | 2020-04-30

💥 Exploits & PoCs (1)

Exploit-DB
Apache OFBiz 17.12.03 - Cross-Site Request Forgery (Account Takeover) | 2020-05-01

📋 Vendor Advisories (1)

Apache
Apache ofbiz: CVE-2019-0235