CVE-2020-13923Authorization Bypass Through User-Controlled Key in Apache Ofbiz

CWE-639Authorization Bypass Through User-Controlled KeyCWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
1.6%
top 18.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache OfbizApache Software Foundation Apache Ofbiz
Timeline
PublishedJul 15
Latest updateMay 24

Description

IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDapache/ofbiz< 17.12.04
CVEListV5apache_software_foundation/apache_ofbizApache OFBiz 17.12.03 and earlier versions

🔴Vulnerability Details

2
GHSA
GHSA-6j9g-q4qp-mq4x: IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 172022-05-24
CVEList
CVE-2020-13923: IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 172020-07-15

📋Vendor Advisories

1
Apache
Apache ofbiz: CVE-2020-13923
CVE-2020-13923 — Apache Ofbiz vulnerability | cvebase