CVE-2021-25958
Published 2021-08-30
Severity: High, 7.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Apache OFBiz versions v17.12.01 to v17.12.07 use try/catch exception handling at multiple locations, but the error handling leaks sensitive table information that may aid an attacker in further reconnaissance. A user can register with a very long password, but an exception occurs when they try to log in with it.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ofbiz | >= 17.12.01 < 17.12.08 | 17.12.08 |
| apache | ofbiz-framework | unspecified – v17.12.07 | — |
| apache | ofbiz-framework | >= v17.12.01 < unspecified | unspecified |