=====================================================================

                                  CERT-Renater

                        Note d'Information No. 2023/VULN460

_____________________________________________________________________

DATE                : 08/11/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache OFBiz versions prior to
                                          18.12.09.

=====================================================================
https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99
_____________________________________________________________________

CVE-2023-46819: Apache OFBiz: Execution of Solr plugin queries
without authentication


Severity: moderate

Affected versions:

- Apache OFBiz before 18.12.09


Description:

Missing Authentication in Apache Software Foundation Apache OFBiz when
using the Solr plugin.


This issue affects Apache OFBiz: before 18.12.09.
Users are recommended to upgrade to version 18.12.09


Credit:

Anonymous by demand (finder)


References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/release-notes-18.12.09.html
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-46819


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================