CVE-2023-51467
published 2023-12-26CVE-2023-51467: The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ofbiz | < 18.12.11 | 18.12.11 |
| apache | ofbiz | — | — |
| apache_software_foundation | apache_ofbiz | < 18.12.11 | 18.12.11 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL