
Apache OFBiz <17.12.06 - Arbitrary Code Execution CVE-2021-26295

Severity
CVSSv3 Score: 9.8
Vulnerability description

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade Apache OFBiz to version 17.12.06 or later to mitigate this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Mar 22, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available