CVE-2021-29200

Summary

Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache OFBizApache OFBiz < 17.12.07affected

Weaknesses

  • Java serialisation

Workarounds

Upgrade to at least 17.12.07 or apply one of the patches at https://issues.apache.org/jira/browse/OFBIZ-12216

ADP Enrichment

CVE Program Container

Additional References

References