Summary
The Apache Software Foundation has released a security update for the OFBiz product that fixes a vulnerability rated “high” severity. If exploited, this vulnerability could, under certain conditions, allow a remote attacker to manipulate the screen output of the affected instance.
Risk
Estimated impact of the vulnerability on the reference community: MEDIUM/YELLOW (63.46/100) [1].
Type
- Data Manipulation
Affected products and/or versions
Apache OFBiz, versions prior to 18.12.15
Mitigation actions
In line with the vendor's statements, it is recommended to apply the mitigations by following the instructions in the security bulletin listed in the References section.
Unique Vulnerability Identifiers
References
https://seclists.org/oss-sec/2024/q3/142
https://ofbiz.apache.org/security.html
[1] This estimate takes into account several parameters, including CVSS, the availability of patches/workarounds and PoC, and the diffusion of the affected software/devices in the reference community.