CVE-2021-37608 Vulnerability Details


CVE-2021-37608 Metadata Quick Info

CVE Published: 18/08/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: apache | Vendor: Apache Software Foundation | Product: Apache OFBiz
Status: PUBLISHED

CVE-2021-37608 Description

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-434
CWE Name: CWE-434 Unrestricted Upload of File with Dangerous Type
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).