E25-c9nb1
CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
False Positive: f
Variants: 1
Year: 2021
Description
This strike exploits an insecure deserialization vulnerability in Apache OFBiz. The vulnerability arises from improper handling of serialized Java objects within SOAP requests. A remote, unauthenticated attacker can exploit this flaw by sending a crafted payload, leading to arbitrary code execution on the affected system.
CVE
References
https://github.com/yuaneuro/ofbiz-poc