Lucene search

Apache XML-RPC Security Vulnerabilities

cve

CVE-2023-49070

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version...

9.8CVSS

9.4AI Score

0.798EPSS

2023-12-05 08:15 AM

In Wild

cve

CVE-2020-9496

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz...

6.1CVSS

6.1AI Score

0.907EPSS

2020-07-15 04:15 PM

128

cve

CVE-2019-17570

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this...

9.8CVSS

9.5AI Score

0.014EPSS

2020-01-23 10:15 PM

156

cve

CVE-2018-17198

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF /...

9.8CVSS

9.4AI Score

0.002EPSS

2019-05-28 06:29 PM