← back
CVE-2020-9496

CVE-2020-9496

EPSS 98.9%
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Affected products
n/a · Apache OFBiz
public PoCs found11
githubgithub.com/g33xter/CVE-2020-94967githubgithub.com/yuaneuro/ofbiz-poc6githubgithub.com/s4dbrd/CVE-2020-94964githubgithub.com/dwisiswant0/CVE-2020-94963githubgithub.com/Ly0nt4r/CVE-2020-94962githubgithub.com/Vulnmachines/apache-ofbiz-CVE-2020-94961githubgithub.com/ambalabanov/CVE-2020-94960exploitdbwww.exploit-db.com/exploits/50178unverifiedcve_referencepacketstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.htmlunverifiedcve_referencepacketstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.htmlunverifiedcve_referencepacketstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.htmlhttp://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.htmlhttp://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.htmlhttps://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r8fb319dc1f196563955fbf5e9cf454fb9d6c27c2058066445af7f8cb%40%3Cuser.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/ra43cfe80226c3b23cd775f3543da10c035ad9c9943cfe8a680490730%40%3Cuser.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/raf6020f765f12711e817ce13df63ecd7d677eebea8001e0473ee7c84%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/rde93e1c91620335b72b798f78ab4459d3f7b06f96031d8ce86a18825%40%3Cnotifications.ofbiz.apache.org%3Ehttps://s.apache.org/l0994