VYPR

Apache OFBiz

by Apache

CVEs (32)

  • CVE-2025-26865 (Mar 10, 2025)
    risk 0.00 | cvss: not listed | epss 0.01

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It is a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not…

  • CVE-2024-47208 (Nov 18, 2024)
    risk 0.00 | cvss: not listed | epss 0.01

    Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.

  • CVE-2024-48962 (Nov 18, 2024)
    risk 0.00 | cvss: not listed | epss 0.01

    Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to…

  • CVE-2024-23946 (Feb 28, 2024)
    risk 0.00 | cvss: not listed | epss 0.03

    Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue.

  • CVE-2024-25065 (Feb 28, 2024)
    risk 0.00 | cvss: not listed | epss 0.01

    Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, which fixes the issue.

  • CVE-2023-46819 (Nov 7, 2023)
    risk 0.00 | cvss: not listed | epss 0.00

    Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09.

  • CVE-2022-29158 (Sep 2, 2022)
    risk 0.00 | cvss: not listed | epss 0.02

    Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply the patches at https://issues.apache.org/jira/browse/OFBIZ-12599

  • CVE-2022-25371 (Sep 2, 2022)
    risk 0.00 | cvss: not listed | epss 0.02

    Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in…

  • CVE-2022-25370 (Sep 2, 2022)
    risk 0.00 | cvss: not listed | epss 0.01

    Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an…

  • CVE-2021-37608 (Aug 18, 2021)
    risk 0.00 | cvss: not listed | epss 0.03

    Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at…

  • CVE-2019-12425 (Apr 30, 2020)
    risk 0.00 | cvss: not listed | epss 0.01

    Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary Host header values.

  • CVE-2019-12426 (Feb 6, 2020)
    risk 0.00 | cvss: not listed | epss 0.01

    An unauthenticated user could get access to information on some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.

Page 2 of 2