First published: Tue Apr 12 2016
Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache OFBiz | >=12.04, <12.04.06 | |
Apache OFBiz | >=13.07, <13.07.03 | |
CVE-2016-2170 is classified as a high severity vulnerability due to the potential for remote command execution.
To fix CVE-2016-2170, upgrade Apache OFBiz to version 12.04.06 or 13.07.03 or later.
CVE-2016-2170 allows remote attackers to execute arbitrary commands on the server via crafted serialized Java objects.
Apache OFBiz versions 12.04.x before 12.04.06 and 13.07.x before 13.07.03 are affected by CVE-2016-2170.
Yes, CVE-2016-2170 is related to vulnerabilities in the Apache Commons Collections library.