Apache

Ofbiz

76 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.41%
  • Veröffentlicht 10.06.2026 22:29:06
  • Zuletzt bearbeitet 12.06.2026 19:31:41

A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue affects Apache OFBiz: before 24.09.07. Users are recommended to upgrade to version 24.09.07, which fixes the is...

  • EPSS 0.66%
  • Veröffentlicht 10.06.2026 22:23:49
  • Zuletzt bearbeitet 12.06.2026 19:30:46

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execu...

  • EPSS 0.55%
  • Veröffentlicht 19.05.2026 09:41:39
  • Zuletzt bearbeitet 20.05.2026 17:16:25

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended...

Medienbericht
  • EPSS 22.88%
  • Veröffentlicht 19.05.2026 09:40:26
  • Zuletzt bearbeitet 20.05.2026 17:16:24

Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • EPSS 0.51%
  • Veröffentlicht 19.05.2026 09:39:27
  • Zuletzt bearbeitet 19.05.2026 19:16:50

Improper Authorization vulnerability in Apache OFBiz Webtools. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • EPSS 0.45%
  • Veröffentlicht 19.05.2026 09:36:55
  • Zuletzt bearbeitet 19.05.2026 19:16:50

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • EPSS 0.5%
  • Veröffentlicht 19.05.2026 09:36:00
  • Zuletzt bearbeitet 19.05.2026 19:16:49

Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Medienbericht
  • EPSS 0.42%
  • Veröffentlicht 19.05.2026 09:34:38
  • Zuletzt bearbeitet 19.05.2026 19:16:48

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • EPSS 0.46%
  • Veröffentlicht 19.05.2026 09:33:38
  • Zuletzt bearbeitet 19.05.2026 19:16:48

Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • EPSS 0.49%
  • Veröffentlicht 19.05.2026 09:32:47
  • Zuletzt bearbeitet 19.05.2026 19:16:48

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.