module
Apache OFBiz XML-RPC Java Deserialization
| Disclosed |
|---|
| 2020-07-13 |
Disclosed
2020-07-13
Description
This module exploits a Java deserialization vulnerability in Apache
OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for
versions prior to 17.12.04.
OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for
versions prior to 17.12.04.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.