CVE-2020-9496
Published at: 15-07-2020 06:15
Last modified: 05-04-2022 05:06
Total changes: 9
Description
Common Vulnerability Scoring System (CVSS)
Attack complexity: Low
Attack vector: Network
Availability: None
Confidentiality: Low
Integrity: Low
Privileges required: None
Scope: Changed
User interaction: Required
Base score: 6.1
Exploitability score: 2.8
Impact score: 2.7
Verification logic
Reference
- https://s.apache.org/l0994
- [announce] 20200715 [CVE-2020-9496] Apache OFBiz XML-RPC requests vulnerable without authentication (Mailing List, Vendor Advisory)
- [ofbiz-notifications] 20200716 [jira] [Updated] (OFBIZ-11716) Apache OFBiz unsafe deserialization of XMLRPC arguments (CVE-2020-9496) (Mailing List, Vendor Advisory)
- http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- [ofbiz-user] 20201116 [CVE-2020-9496] Apache OFBiz unsafe deserialization of XMLRPC arguments (Mailing List, Vendor Advisory)
- [ofbiz-user] 20201117 Re: [CVE-2020-9496] Apache OFBiz unsafe deserialization of XMLRPC arguments (Mailing List, Vendor Advisory)
- http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
- [ofbiz-commits] 20210321 [ofbiz-site] branch master updated: Updates security page for CVE-2021-26295 fixed in 17.12.06 (Mailing List, Third Party Advisory)
- [ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07 (Mailing List, Patch, Third Party Advisory)
- http://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.html
Keywords