Description

Due to vulnerabilities in Log4j library used by Apache OFBiz, an unauthenticated attacker can leak sensitive information or execute arbitrary code on the system.

Remediation

Upgrade to the latest version of Apache OFBiz

References

Apache projects affected by log4j CVE-2021-44228

Related Vulnerabilities

WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)

WordPress Plugin Simple Backup Arbitrary File Download (2.7.10)

Oracle Business Intelligence Convert XXE CVE-2019-2767

WordPress Plugin Sell Downloads Arbitrary File Disclosure (1.0.1)

WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)

Severity

High

Classification

CVE-2021-44228 CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A

Tags

Acumonitor Information Disclosure Code Execution