CVE-2020-9496

moderate-risk
Published 2020-07-15

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

Do I need to act?

!
93.8% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
50178
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Apache

References (20)

Exploit http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserializ...
Exploit http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserializ...
Exploit http://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command...
https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa...
https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c1...
https://lists.apache.org/thread.html/r8fb319dc1f196563955fbf5e9cf454fb9d6c27c205...
https://lists.apache.org/thread.html/ra43cfe80226c3b23cd775f3543da10c035ad9c9943...
https://lists.apache.org/thread.html/raf6020f765f12711e817ce13df63ecd7d677eebea8...
https://lists.apache.org/thread.html/rde93e1c91620335b72b798f78ab4459d3f7b06f960...
Mailing List https://s.apache.org/l0994
Exploit http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserializ...
Exploit http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserializ...
Exploit http://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command...
https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa...
https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c1...
https://lists.apache.org/thread.html/r8fb319dc1f196563955fbf5e9cf454fb9d6c27c205...
https://lists.apache.org/thread.html/ra43cfe80226c3b23cd775f3543da10c035ad9c9943...
https://lists.apache.org/thread.html/raf6020f765f12711e817ce13df63ecd7d677eebea8...
https://lists.apache.org/thread.html/rde93e1c91620335b72b798f78ab4459d3f7b06f960...
Mailing List https://s.apache.org/l0994
48
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal