Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache OFBiz Log4Shell RCE - Vulnerability Database

Apache OFBiz Log4Shell RCE

Description

Due to vulnerabilities in Log4j library used by Apache OFBiz, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of Apache OFBiz

References

Apache projects affected by log4j CVE-2021-44228

Related Vulnerabilities

Apache Solr Log4Shell RCE High
Common tags: Acumonitor Information Disclosure Code Execution
VMware vCenter Log4Shell RCE High
Common tags: Acumonitor Information Disclosure Code Execution
VMware Horizon Log4Shell RCE High
Common tags: Acumonitor Information Disclosure Code Execution
Ubiquiti Unifi Log4Shell RCE High
Common tags: Acumonitor Information Disclosure Code Execution
Data Binding Expression Vulnerability in Spring Web Flow High
Common tags: Acumonitor Code Execution

Severity

High

Classification

CVE-2021-44228
CWE-78
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Acumonitor
Information Disclosure
Code Execution