CVE-2023-49070
published 2023-12-05CVE-2023-49070: Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOIT
Exploited in the wild
Pre-auth RCE in Apache Ofbiz 18.12.09.
It's due to XML-RPC no longer maintained still present.
This issue affects Apache OFBiz: before 18.12.10.
Users are recommended to upgrade to version 18.12.10
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ofbiz | < 18.12.10 | 18.12.10 |
| apache | ofbiz | — | — |
| apache_software_foundation | apache_ofbiz | < 18.12.10 | 18.12.10 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL