CVE-2021-26295: Apache OFBiz Remote Code Execution Vulnerability Alert

Apache OFBiz is an open-source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of an enterprise's business processes. OFBiz is an Apache Software Foundation top-level project. Recently, SecList released a risk notice for Apache OFBiz. The vulnerability is tracked as CVE-2021-26295 and has a CVSS score of 8.5.

Vulnerability Detail

The vulnerability exists due to insecure input validation when processing serialized data. An unauthenticated attacker can exploit this vulnerability to take over Apache OFBiz.

Affected version

  • Apache OFBiz < 17.12.06

Unaffected version

  • Apache OFBiz 17.12.06

Solution

We recommend that users upgrade Apache OFBiz to the latest version promptly.