CVE-2020-9496

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 15 July 2020

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%

Summary

XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03

Affected Version(s)

Apache OFBiz Apache OFBiz 17.12.03

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-9496
Created by g33xter

CVE-2020-9496
Created by s4dbrd

CVE-2020-9496
Created by dwisiswant0

References

https://s.apache.org/l0994

x_refsource_MISC

https://lists.apache.org/thread.html/raf6020f765f12711e81...

mailing-listx_refsource_MLIST

https://lists.apache.org/thread.html/rde93e1c91620335b72b...

mailing-listx_refsource_MLIST

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Jun 26, 2023
👾
Exploit known to exist
Jun 26, 2023
Vulnerability published
Jul 15, 2020
Vulnerability Reserved
Mar 1, 2020

Collectors

NVD DatabaseMitre Database7 Proof of Concept(s)