Unrated severity · NVD Advisory · Published Aug 30, 2021 · Updated Sep 16, 2024
Generation of Error Message Containing Sensitive Information in Apache OFBiz
CVE-2021-25958
Description
In Apache OFBiz, versions v17.12.01 to v17.12.07 implement try/catch exception handling at multiple locations, but the resulting error messages leak sensitive table information, which may aid an attacker in further reconnaissance. A user can register with a very long password, but when they try to log in with it, an exception occurs.
Affected products
- apache/ofbiz-framework v5 Range: v17.12.01
References
- github.com/apache/ofbiz-framework/commit/2f5b8d33e32c4d9a48243cf9e503236acd5aec5c (mitre, x_refsource_MISC)
- www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25958 (mitre, x_refsource_MISC)