CVE-2021-26295

Critical

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over…

apache·CWE-502·Published 2021-03-22

CVSS

9.8

EPSS

0.98

KEV

Exploits

cve.orgen

153 chars

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

NVDen

153 chars

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.

Apache OFBiz, presenta una deserialización no segura versiones anteriores a 17.12.06. Un atacante no autenticado puede usar esta vulnerabilidad para apoderarse con éxito de Apache OFBiz

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H