Apache

Ofbiz

55 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-54466

  • EPSS 0.1%
  • Veröffentlicht 15.08.2025 14:13:52
  • Zuletzt bearbeitet 21.08.2025 18:56:39

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can ...

6.1

CVE-2025-30676

  • EPSS 0.37%
  • Veröffentlicht 01.04.2025 15:16:07
  • Zuletzt bearbeitet 29.04.2025 20:52:31

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.

3.5

CVE-2025-26865

  • EPSS 0.43%
  • Veröffentlicht 10.03.2025 14:01:06
  • Zuletzt bearbeitet 23.06.2025 18:37:09

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.   It's a regression between 18.12.17 and 18.12.18. In case you use something like t...

8.8

CVE-2024-48962

  • EPSS 0.3%
  • Veröffentlicht 18.11.2024 09:15:06
  • Zuletzt bearbeitet 11.02.2025 16:16:41

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. U...

9.8

CVE-2024-47208

  • EPSS 1.62%
  • Veröffentlicht 18.11.2024 09:15:06
  • Zuletzt bearbeitet 24.06.2025 16:20:57

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the iss...

9.8

CVE-2024-45507

  • EPSS 87.37%
  • Veröffentlicht 04.09.2024 09:15:04
  • Zuletzt bearbeitet 21.11.2024 09:37:52

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the iss...

7.5

CVE-2024-45195

Warnung
  • EPSS 94.13%
  • Veröffentlicht 04.09.2024 09:15:04
  • Zuletzt bearbeitet 06.03.2025 19:48:51

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

9.8

CVE-2024-38856

Warnung
  • EPSS 94.34%
  • Veröffentlicht 05.08.2024 09:15:56
  • Zuletzt bearbeitet 20.12.2024 16:35:41

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen render...

9.1

CVE-2024-36104

  • EPSS 93.51%
  • Veröffentlicht 04.06.2024 08:15:10
  • Zuletzt bearbeitet 01.07.2025 20:23:35

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

9.8

CVE-2024-32113

Warnung
  • EPSS 93.82%
  • Veröffentlicht 08.05.2024 15:15:10
  • Zuletzt bearbeitet 10.03.2025 20:23:37

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.