CVE-2021-26295
published 2021-03-22CVE-2021-26295: Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ofbiz | < 17.12.06 | 17.12.06 |
| apache | ofbiz | — | — |
| apache_software_foundation | apache_ofbiz | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL