Pre-auth Remote Code Execution (RCE) Vulnerability in Apache OFBiz 18.12.09

Pre-auth Remote Code Execution (RCE) Vulnerability in Apache OFBiz 18.12.09

CVE-2023-49070 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10

Learn more about our Cis Benchmark Audit For Apache Http Server.