[SECURITY] CVE-2019-12426 information disclosure vulnerability in Apache OFBiz

jacopoc
Severity:
Minor

Vendor:
The Apache Software Foundation

Versions Affected:
Apache OFBiz 16.11.01 to 16.11.06

Description:
An unauthenticated user could get access to information of some backend
screens by invoking setSessionLocale.

Mitigation:
Upgrade to 16.11.07

Credit:
This issue was discovered by Dennis Balkir <[hidden email]>.

References:
http://ofbiz.apache.org/security.html