CVE-2021-30128

Summary

Apache OFBiz has unsafe deserialization prior to 17.12.07 version

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache OFBizApache OFBiz < 17.12.07affected

Weaknesses

  • Java serialisation

Workarounds

Upgrade to at least 17.12.07 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12212 & OFBIZ-12221

ADP Enrichment

CVE Program Container

Additional References

References