WEB APPLICATION VULNERABILITIES Standard & Premium

Apache OFBiz SSRF (CVE-2023-50968)

Description

OFBiz allows an unauthenticated attacker to send arbitrary requests to perform lookups on the internal network which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (server-side request forgery) attacks on the server.

Remediation

Upgrade to the latest version of OFBiz

References

Release Notes 18.12.11

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16192)

MySQL CVE-2019-2785 Vulnerability (CVE-2019-2785)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5589)

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13655)

Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-35612)

Severity

High

Classification

CVE-2023-50968 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Acumonitor SSRF Known Vulnerabilities