GobyVuls/CVE-2020-9496.md
Goby 3665a91996
Create CVE-2020-9496.md
add CVE-2020-9496
2023-04-01 12:39:26 +08:00

Apache OFBiz xmlrpc Deserialization Vulnerability (CVE-2020-9496)

| Vulnerability | Apache OFBiz xmlrpc Deserialization Vulnerability (CVE-2020-9496) |
| :--- | :--- |
| Chinese name | Apache OFBiz xmlrpc 反序列化漏洞 (CVE-2020-9496) |
| CVSS score | 9.8 |
| FOFA Query | `cert="Organizational Unit: Apache OFBiz" \|\| (body="www.ofbiz.org" && body="/images/ofbiz_powered.gif")` |
| Number of assets affected | 1226 |
| Description | Apache OFBiz is a suite of business applications flexible enough to be used across any industry. A common architecture allows developers to easily extend or enhance it to create custom features. |
| Impact | There is a deserialization vulnerability in the Apache OFBiz SOAPService processing interface. By sending specially crafted serialized data, an attacker can obtain server privileges: executing arbitrary code on the target server, executing system commands, or implanting an in-memory webshell ("memory horse"). |