Apache

Ofbiz

57 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.1%
  • Published 12.11.2025 09:16:58
  • Last modified 13.11.2025 15:04:42

Reflected cross-site scripting vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

  • EPSS 0.13%
  • Published 12.11.2025 09:15:54
  • Last modified 13.11.2025 15:04:59

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.03. Users are recommended to upgrade to version 24.09.03, which fixes the issue.

  • EPSS 0.11%
  • Published 15.08.2025 14:13:52
  • Last modified 04.11.2025 22:16:28

Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can ...

  • EPSS 0.46%
  • Published 01.04.2025 15:16:07
  • Last modified 29.04.2025 20:52:31

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.19. Users are recommended to upgrade to version 18.12.19, which fixes the issue.

  • EPSS 0.53%
  • Published 10.03.2025 14:01:06
  • Last modified 23.06.2025 18:37:09

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like t...

  • EPSS 0.4%
  • Published 18.11.2024 09:15:06
  • Last modified 11.02.2025 16:16:41

Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. U...

  • EPSS 1.62%
  • Published 18.11.2024 09:15:06
  • Last modified 24.06.2025 16:20:57

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the iss...

  • EPSS 90.48%
  • Published 04.09.2024 09:15:04
  • Last modified 21.11.2024 09:37:52

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the iss...

Warning
  • EPSS 94.15%
  • Published 04.09.2024 09:15:04
  • Last modified 23.10.2025 14:49:13

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

Warning
  • EPSS 94.38%
  • Published 05.08.2024 09:15:56
  • Last modified 23.10.2025 14:49:04

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen render...