CVE-2021-37608

Severity: 9.8 CRITICAL
EPSS: 3.4% (top 12.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 18; Latest update May 24

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: apache/ofbiz < 17.12.08
CVEListV5: apache_software_foundation/apache_ofbiz, unspecified to 17.12.07

Patches

Vulnerability Details (2)

GHSA: Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz (2022-05-24)
CVEList: Arbitrary file upload vulnerability in OFBiz (2021-08-18)

Vendor Advisories (1)

Apache: Apache ofbiz: CVE-2021-37608
CVE-2021-37608 (CRITICAL CVSS 9.8) | Unrestricted Upload of File with Da | cvebase.io