CVE-2021-26295

Summary

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache OFBizApache OFBiz 17.12.01 to 17.12.05affected

Weaknesses

  • Java serialisation

Workarounds

Upgrade to at least 17.12.06 or apply the patch at https://github.com/apache/ofbiz-framework/commit/af9ed4e/

ADP Enrichment

CVE Program Container

Additional References

References