CVE-2021-25958
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| apache | ofbiz-framework | v17.12.01 < unspecified | affected |
| apache | ofbiz-framework | unspecified <= v17.12.07 | affected |
Weaknesses
- CWE-209: CWE-209 Information Exposure Through an Error Message
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/apache/ofbiz-framework/commit/2f5b8d33e32c4d9a48243cf9e503236acd5aec5c
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25958
References
- https://github.com/apache/ofbiz-framework/commit/2f5b8d33e32c4d9a48243cf9e503236acd5aec5c
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25958
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.