Vulnerability in Apache OFBiz
CVE-2019-12426
An unauthenticated user could gain access to information from some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06.
EPSS: 0.016 (percentile: 82.2)
Affected products
- Apache OFBiz: versions 16.11.01 to 16.11.06
References
- s.apache.org/w0dem (x_refsource_CONFIRM)
- [announce] 20200206 [SECURITY] CVE-2019-12426 information disclosure vulnerability in Apache OFBiz (mailing-list, x_refsource_MLIST)
- [ofbiz-commits] 20200306 svn commit: r1874880 [5/5] - in /ofbiz/site: download.html release-notes-17.12.01.html security.html template/page/download.tpl.php template/page/release-notes-17.12.01.tpl.php template/page/security.tpl.php (mailing-list, x_refsource_MLIST)
- [ofbiz-commits] 20200430 svn commit: r1877207 - in /ofbiz/site: security.html template/page/security.tpl.php (mailing-list, x_refsource_MLIST)