SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2019-0235

Date: (C)2020-05-05 (M)2023-12-22

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 8.8		CVSS Score : 6.8
Exploit Score: 2.8		Exploit Score: 8.6
Impact Score: 5.9		Impact Score: 6.4

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: MEDIUM
Privileges Required: NONE		Authentication: NONE
User Interaction: REQUIRED		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: PARTIAL
Confidentiality: HIGH		Availability: PARTIAL
Integrity: HIGH
Availability: HIGH

Reference:

https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/rb53870d24088956a555683aa1aea7e532e3be65b863b9c75eac31b90%40%3Ccommits.ofbiz.apache.org%3E

https://lists.apache.org/thread.html/rbd572bb27991835a3455c1bf694e7140d79ab03cdb9e6e50fd1219d7%40%3Cnotifications.ofbiz.apache.org%3E

https://lists.apache.org/thread.html/r392206f7cd131f0fc3f7c60a767ced93ced00411d55c1777c219c956%40%3Cnotifications.ofbiz.apache.org%3E

https://lists.apache.org/thread.html/rfe36dc9135810954ef667d29129d02207fb999a286b60d33bd9c2349%40%3Cnotifications.ofbiz.apache.org%3E

https://lists.apache.org/thread.html/r9eeb6c41d2c562b451f1e48ec56881f59107cc4dea7c883db2c5373d%40%3Cnotifications.ofbiz.apache.org%3E

http://packetstormsecurity.com/files/157514/Apache-OFBiz-17.12.03-Cross-Site-Request-Forgery.html

https://s.apache.org/n4vnt

© SecPod Technologies