← voltar
CVE-2020-9496

CVE-2020-9496

EPSS 98.9%
Vexday Risk Score
60Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS EPSS 98.9%KEV nãoPoC públicaNuclei simMetasploit simPatch
Ciclo de vida
13 jul 2020Exploit Metasploit disponível
15 jul 2020Publicada no NVD
15 ago 2020PoC pública
Recomendação: Planejar correção próxima — já existe PoC pública.
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
Produtos afetados
n/a · Apache OFBiz
PoCs públicas encontradas11
githubgithub.com/g33xter/CVE-2020-94967githubgithub.com/yuaneuro/ofbiz-poc6githubgithub.com/s4dbrd/CVE-2020-94964githubgithub.com/dwisiswant0/CVE-2020-94963githubgithub.com/Ly0nt4r/CVE-2020-94962githubgithub.com/Vulnmachines/apache-ofbiz-CVE-2020-94961githubgithub.com/ambalabanov/CVE-2020-94960exploitdbwww.exploit-db.com/exploits/50178não verificadocve_referencepacketstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.htmlnão verificadocve_referencepacketstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.htmlnão verificadocve_referencepacketstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.htmlhttp://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.htmlhttp://packetstormsecurity.com/files/163730/Apache-OfBiz-17.12.01-Remote-Command-Execution.htmlhttps://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d%40%3Ccommits.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/r8fb319dc1f196563955fbf5e9cf454fb9d6c27c2058066445af7f8cb%40%3Cuser.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/ra43cfe80226c3b23cd775f3543da10c035ad9c9943cfe8a680490730%40%3Cuser.ofbiz.apache.org%3Ehttps://lists.apache.org/thread.html/raf6020f765f12711e817ce13df63ecd7d677eebea8001e0473ee7c84%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/rde93e1c91620335b72b798f78ab4459d3f7b06f96031d8ce86a18825%40%3Cnotifications.ofbiz.apache.org%3Ehttps://s.apache.org/l0994