CVE-2021-29200
published 2021-04-27

CVE-2021-29200: Apache OFBiz has unsafe deserialization prior to version 17.12.07. An unauthenticated user can perform an RCE attack.

Critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
Apache OFBiz has unsafe deserialization prior to version 17.12.07. An unauthenticated user can perform an RCE attack.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| apache | ofbiz | < 17.12.07 | 17.12.07 |
| apache | ofbiz | | |
| apache_software_foundation | apache_ofbiz | >= Apache OFBiz < 17.12.07 | 17.12.07 |