Description
Apache OFBiz versions prior to 17.12.06 contain a Java deserialization vulnerability in the unauthenticated SOAP endpoint /webtools/control/SOAPService. An attacker can exploit it to execute arbitrary code on the affected system.
Remediation
Upgrade to the latest version of Apache OFBiz. This issue was fixed in version 17.12.06.
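The following is an added example, not part of the original advisory or of OFBiz: one way to triage web access logs for requests that reached the endpoint named above, useful for reviewing exposure before and during the upgrade. It assumes Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

# Endpoint named in the advisory, lowercased so the match deliberately over-reports.
ENDPOINT = "/webtools/control/soapservice"

# Assumed log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def canonical_path(target):
    """Reduce a request target to a path that can be compared with ENDPOINT."""
    path = target.split("?", 1)[0]                          # drop the query string
    path = re.sub(r"^[A-Za-z][\w+.-]*://[^/]*", "", path)   # absolute-form target
    for _ in range(2):                                      # single and double percent-encoding
        path = unquote(path)
    path = re.sub(r";[^/]*", "", path)                      # ;jsessionid=... path parameters
    return "/" + normpath(path).lstrip("/").lower()         # collapse //, /./ and /../

def find_soap_hits(lines):
    """Return one record per log line whose canonical path is the SOAP endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and canonical_path(m.group(3)) == ENDPOINT:
            ip, method, target, status = m.groups()
            hits.append({"ip": ip, "method": method, "target": target, "status": int(status)})
    return hits

def posts_by_source(hits):
    """Count POSTs per client; POST is the method that carries a SOAP request body."""
    return Counter(h["ip"] for h in hits if h["method"].upper() == "POST")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2021:09:14:02 +0000] "POST /webtools/control/SOAPService HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [10/Mar/2021:09:14:05 +0000] "POST /webtools/control/%53OAPService;jsessionid=AB12 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [10/Mar/2021:09:15:11 +0000] "GET /webtools/control/main HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2021:09:16:40 +0000] "GET /webtools//control/SOAPService?wsdl HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = find_soap_hits(SAMPLE)
    for h in hits:
        print(h["ip"], h["method"], h["status"], h["target"])
    print(dict(posts_by_source(hits)))
```

A hit shows that the endpoint was reached, not that it was exploited; treat it as a lead to correlate with application and host logs.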