9.8
CVE-2023-51467
- EPSS 96%
- Veröffentlicht 26.12.2023 15:15:08
- Zuletzt bearbeitet 21.11.2024 08:38:11
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 96% | 0.999 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/download.html
https://www.vicarius.io/vsociety/posts/apache-ofbiz-authentication-bypass-vulnerability-cve-2023-49070-and-cve-2023-51467
https://ofbiz.apache.org/release-notes-18.12.11.html
https://issues.apache.org/jira/browse/OFBIZ-12873
https://lists.apache.org/thread/9tmf9qyyhgh6m052rhz7lg9vxn390bdv
https://lists.apache.org/thread/oj2s6objhdq72t6g29omqpcbd1wlp48o
https://www.openwall.com/lists/oss-security/2023/12/26/3