Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) - Vulnerability Database

Description

The Webtools XMLRPC endpoint of Apache OFBiz uses unsafe Java deserialization and is vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially crafted serialized data to execute arbitrary code on the system or to perform a denial-of-service attack.
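
A defender's check for this issue, as an added example that is not part of the original entry or of any vendor's scanner: it labels HTTP requests that reach the Webtools XML-RPC endpoint and carry a base64 value beginning with the Java serialization stream header. The endpoint path `/webtools/control/xmlrpc`, the function names and the sample requests are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumption: default OFBiz route for the Webtools XML-RPC endpoint (not stated on the page).
XMLRPC_PATH = "/webtools/control/xmlrpc"
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"  # header written by Java's ObjectOutputStream
# Any element whose local name is "serializable", with or without a namespace prefix.
SERIALIZABLE_RE = re.compile(r"<(?:[\w.-]+:)?serializable\b[^>]*>(.*?)</(?:[\w.-]+:)?serializable\s*>", re.I | re.S)

def hits_xmlrpc(path):
    """True if the request path targets the endpoint, ignoring query and ;params."""
    clean = path.split("?", 1)[0].split(";", 1)[0].rstrip("/")
    return clean.lower() == XMLRPC_PATH

def serialized_payloads(body):
    """Return decoded <serializable> values that start with the Java stream magic."""
    found = []
    for match in SERIALIZABLE_RE.finditer(body):
        text = "".join(match.group(1).split())  # drop whitespace and newlines
        try:
            raw = base64.b64decode(text, validate=True)
        except (binascii.Error, ValueError):
            continue  # not base64, so not a serialized object
        if raw.startswith(JAVA_STREAM_MAGIC):
            found.append(raw)
    return found

def classify(method, path, body):
    """Label one request 'alert', 'review' or 'ignore'. Nothing is deserialized."""
    if not hits_xmlrpc(path):
        return "ignore"
    if method.upper() == "POST" and serialized_payloads(body):
        return "alert"
    return "review"  # endpoint reached, but no serialized object seen

# Constructed sample data: the "object" is only the 4-byte header plus filler bytes.
FAKE_OBJECT = base64.b64encode(JAVA_STREAM_MAGIC + b"constructed-filler").decode()
SAMPLES = [
    ("POST", "/webtools/control/xmlrpc",
     "<value><ex:serializable>" + FAKE_OBJECT + "</ex:serializable></value>"),
    ("POST", "/webtools/control/xmlrpc/", "<value><string>hello</string></value>"),
    ("GET", "/ecommerce/control/main", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, "->", classify(method, path, body))
```

Run it over request logs or proxy captures that include bodies; an "alert" on a host that has not yet been upgraded warrants incident-response follow-up.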

Remediation

Upgrade to the latest version of Apache OFBiz.
