CVE-2023-46819

Published: Nov 7, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09

Affected (1)

Products: Apache: Ofbiz

Apache

1 product

Ofbiz

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Ofbiz	Before 18.12.09

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (8)

https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99

Source: security@apache.org

Mailing ListPatchVendor Advisory

https://ofbiz.apache.org/download.html

Source: security@apache.org

Product

https://ofbiz.apache.org/release-notes-18.12.09.html

Source: security@apache.org

Release Notes

https://ofbiz.apache.org/security.html

Source: security@apache.org

PatchVendor Advisory

https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

https://ofbiz.apache.org/download.html

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://ofbiz.apache.org/release-notes-18.12.09.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://ofbiz.apache.org/security.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.