Description
Webtools XMLRPC endpoint of Apache OFBiz uses unsafe java deserialization and it's vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform a denial of service attack.
Remediation
Upgrade to the latest version of Apache OFBiz
References
Remove deprecated Apache XML-RPC related code (CVE-2023-49070)
Unsafe deserialization of XMLRPC arguments in ApacheOfBiz - CVE-2020-9496
Related Vulnerabilities
WordPress Plugin Cool Video Gallery Command Injection (1.9)
Text4shell: Apache Commons Text RCE via insecure interpolation
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)
WordPress Plugin Subscribe Form Remote Command Execution (1.1)
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)