CVE-2021-26295

CVE-2021-26295: RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI

Vendor: Apache Software Foundation
Product: Apache OFBiz
Published: March 22, 2021
Last update: February 13, 2025

What the vulnerability does

Description

Apache OFBiz versions prior to 17.12.06 perform unsafe deserialization. An unauthenticated attacker can exploit this vulnerability to take over Apache OFBiz.

Key dates

Disclosure timeline

March 22, 2021: CVE published
February 13, 2025: Record updated