Unauthenticated Access to Backend Screens via setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06

CVE-2019-12426 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.