CVE-2023-49070

CVE-2023-49070: Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-94 · Code injection

Published December 5, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10

Key dates

Disclosure timeline

December 5, 2023 CVE published

February 13, 2025 Record updated