CVE-2020-9496: XSS
First published: Wed Jul 15 2020(Updated: )
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache OFBiz | =17.12.03 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- http://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.html
- https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5@%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r8fb319dc1f196563955fbf5e9cf454fb9d6c27c2058066445af7f8cb@%3Cuser.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/ra43cfe80226c3b23cd775f3543da10c035ad9c9943cfe8a680490730@%3Cuser.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/raf6020f765f12711e817ce13df63ecd7d677eebea8001e0473ee7c84@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/rde93e1c91620335b72b798f78ab4459d3f7b06f96031d8ce86a18825@%3Cnotifications.ofbiz.apache.org%3E
- https://s.apache.org/l0994
- https://lists.apache.org/thread.html/raf6020f765f12711e817ce13df63ecd7d677eebea8001e0473ee7c84%40%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/rde93e1c91620335b72b798f78ab4459d3f7b06f96031d8ce86a18825%40%3Cnotifications.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r8fb319dc1f196563955fbf5e9cf454fb9d6c27c2058066445af7f8cb%40%3Cuser.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/ra43cfe80226c3b23cd775f3543da10c035ad9c9943cfe8a680490730%40%3Cuser.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5%40%3Ccommits.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d%40%3Ccommits.ofbiz.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2020-9496?
The severity of CVE-2020-9496 is medium.
What is the vulnerability description of CVE-2020-9496?
CVE-2020-9496 is a vulnerability in Apache OFBiz 17.12.03 that allows for unsafe deserialization and Cross-Site Scripting issues in XML-RPC requests.
What software version is affected by CVE-2020-9496?
Apache OFBiz version 17.12.03 is affected by CVE-2020-9496.
How can this vulnerability be exploited?
CVE-2020-9496 can be exploited through XML-RPC requests by performing unsafe deserialization and injecting malicious scripts.
Are there any references available for CVE-2020-9496?
Yes, you can find references for CVE-2020-9496 at the following links: [link1], [link2], [link3].
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/references
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/apache
- canonical/apache ofbiz
- version/apache ofbiz/17.12.03