Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2019-10074
HistorySep 11, 2019 - 8:38 p.m.

CVE-2019-10074

2019-09-1120:38:56
apache
www.cve.org

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON

An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a field. This was the case for the Customer Request β€œstory” input in the Order Manager application. Encoding should not be disabled without good reason and never within a field that accepts user input. Mitigation: Upgrade to 16.11.06 or manually apply the following commit on branch 16.11: r1858533

CNA Affected

[
  {
    "product": "OFBiz",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "OFBiz 16.11.01 to 16.11.05"
      }
    ]
  }
]

Related

prion 1
cve 1
nvd 1
prion
prion
Input validation
2019-09-11 21:15:00
cve
cve
CVE-2019-10074
2019-09-11 21:15:11
nvd
nvd
CVE-2019-10074
2019-09-11 21:15:11

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.0%

JSON
Related for CVELIST:CVE-2019-10074
prion1cve1nvd1