Apache OFBiz SOAPService Deserialization RCE

Description

Apache OFBiz versions prior to 17.12.06 contain a Java deserialization vulnerability in the unauthenticated SOAP endpoint /webtools/control/SOAPService. An attacker can exploit it to execute arbitrary code on the affected system.

Remediation

Upgrade to the latest version of Apache OFBiz. This issue was fixed in version 17.12.06.
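
To confirm exposure and review past traffic while the upgrade is rolled out, the following added example (not part of the original advisory or of Apache OFBiz) checks a version string against the fixed release and lists every logged request that reached the SOAP endpoint. It assumes common/combined access-log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

FIXED = (17, 12, 6)                          # fixed release named in this advisory
ENDPOINT = "/webtools/control/soapservice"   # endpoint from this advisory, lowercased

# Common/combined access-log format (assumption; adapt to your proxy or access-log valve)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def is_affected(version: str) -> bool:
    """True when an OFBiz version string such as '17.12.05' is older than 17.12.06."""
    nums = re.findall(r"\d+", version)[:3]
    if not nums:
        raise ValueError(f"no version number in {version!r}")
    parts = tuple(int(n) for n in nums)
    return parts + (0,) * (3 - len(parts)) < FIXED

def normalise(target: str) -> str:
    """Reduce a request target to a comparable path (deliberately over-matches)."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])   # drop query, decode %xx
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))  # drop ;params
    return re.sub(r"/{2,}", "/", path).lower().rstrip("/")     # collapse slashes, fold case

def soapservice_hits(lines):
    """Yield (ip, timestamp, method, status) for each request to the SOAP endpoint."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalise(m["target"]) == ENDPOINT:
            yield m["ip"], m["ts"], m["method"], int(m["status"])

# Constructed sample log lines using documentation IP ranges, not real traffic
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2021:10:01:02 +0000] "POST /webtools/control/SOAPService HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2021:10:01:05 +0000] "POST /webtools/control/SOAPService;jsessionid=ABC?x=1 HTTP/1.1" 500 0',
    '203.0.113.9 - - [12/Mar/2021:10:02:00 +0000] "GET /webtools/control/main HTTP/1.1" 200 4096',
    '203.0.113.9 - - [12/Mar/2021:10:03:00 +0000] "POST /webtools//control/%53OAPService HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in soapservice_hits(SAMPLE):
        print(hit)
```

Because the endpoint is unauthenticated, any hit from an unexpected source on an affected version is worth investigating; if nothing legitimate uses the SOAP service, the hit list should be empty.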
