Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 04 Dec 2023 21:04:50 +0000
From: Jacques Le Roux <>
Subject: CVE-2023-49070: Pre-auth RCE in Apache Ofbiz 18.12.09 due to
 XML-RPC still present 

Severity: moderate

Affected versions:

- Apache OFBiz before 18.12.10


Pre-auth RCE in Apache Ofbiz 18.12.09.

It's due to XML-RPC no longer maintained still present.
This issue affects Apache OFBiz: before 18.12.10. 
Users are recommended to upgrade to version 18.12.10

This issue is being tracked as OFBIZ-12812 


Siebene@ (finder)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.