9.8

CVE-2021-29200

RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheOfbiz Version < 17.12.07
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 92.5% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://www.openwall.com/lists/oss-security/2021/04/27/4
Patch
Third Party Advisory
Mailing List