Apache OFBiz: CVE-2023-50968: Arbitrary File Properties Reading and Server-Side Request Forgery (SSRF) vulnerabilities.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Dec 26, 2023 | Dec 23, 2024 | Nov 28, 2025 |
Description
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user operates a URI call without authorization. The same URI can also be used to carry out an SSRF attack, again without authorization. Users are recommended to upgrade to version 18.12.11, which fixes this issue.
Solution
apache-ofbiz-upgrade-latest
References
- CWE-200
- CWE-918
- CVE-2023-50968
- https://attackerkb.com/topics/CVE-2023-50968
- http://www.openwall.com/lists/oss-security/2023/12/26/2
- https://issues.apache.org/jira/browse/OFBIZ-12875
- https://lists.apache.org/thread/x5now4bk3llwf3k58kl96qvtjyxwp43q
- https://ofbiz.apache.org/download.html
- https://ofbiz.apache.org/release-notes-18.12.11.html
- https://ofbiz.apache.org/security.html
- https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=82c1737688