CVE-2024-25065

CRITICAL

Apache OFBiz <18.12.12 - Path Traversal

Title source: llm

Description

Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, which fixes the issue.

Scores

CVSS v3 9.1
EPSS 0.0081
EPSS Percentile 74.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-22
Status published
Products (1)
apache/ofbiz < 18.12.12
Published Feb 29, 2024
Tracked Since Feb 18, 2026