
====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN392
_____________________________________________________________________

DATE                : 18/08/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache OFBiz versions prior to
                     17.12.08.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202108.mbox/%3c40716d3e-150d-10d6-ee27-aca4ae0480fb@apache.org%3e
_____________________________________________________________________

Severity:
High, possible RCE

Vendor:
The Apache Software Foundation

Versions Affected:
OFBiz versions prior to 17.12.08

Description:
Apache OFBiz versions prior to 17.12.08 contain an unsafe deserialization
vulnerability.

Mitigation:
Upgrade to at least 17.12.08
or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297

Credit:
Zhujie from galaxylab <galaxylab@sina.com>

References:
http://ofbiz.apache.org/download.html#vulnerabilities



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================