Tuesday, 6 August 2024

Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

Severity: Zero day

Date of Publication: 06-Aug-24

Affected System:

Apache OFBiz: through 18.12.14

Summary

A vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system allows remote code execution.

Description

A zero-day pre-authentication remote code execution vulnerability was identified in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow a remote attacker to execute arbitrary code on affected systems.

Recommendations / Solutions

Upgrade to version 18.12.15.

 

Vendor Reference:

https://issues.apache.org/jira/browse/OFBIZ-13128
https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html

 

CVE:

CVE-2024-38856


NOTE: The information is provided on an “as is” basis, without assurance of any kind.

Revision history

1. 06-Aug-24 - First advisory released. Update: updated version available.