OFBiz OFBiz - User

[CVE-2020-13923] IDOR in Apache OFBiz

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Jacques Le Roux
Reply | Threaded
Open this post in threaded view
|

[CVE-2020-13923] IDOR in Apache OFBiz

Jacques Le Roux
Administrator
Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
All versions < 17.12.04

Description:
IDOR vulnerability in the order processing feature from ecommerce component.

Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11836
----

Credit:
Harshit Shukla <[hidden email]>

References:
https://ofbiz.apache.org/security.html
Free forum by Nabble Edit this page