PT-2023-8562 · Apache · Apache OFBiz
Published 2023-11-07 · Updated 2024-09-04
CVE-2023-46819
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache OFBiz versions prior to 18.12.09
Description
The issue is related to missing authentication in the Solr plugin of Apache OFBiz, allowing a remote attacker to modify protected information. It is estimated that around 1,891 devices are potentially affected, mainly located in the United States and China.
Recommendations
For versions prior to 18.12.09, users are recommended to upgrade to version 18.12.09 to resolve the issue. As a temporary workaround, consider disabling the Solr plugin until the upgrade is applied.
Fix
Missing Authentication
Affected Products
Apache OFBiz