// For flags

CVE-2019-12426

 

Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (2)
NVD, NVD
CWE (0)
CAPEC (-)
Risk
CVSS Score
5.3 Medium
SSVC
-
KEV
-
EPSS
0.2%
Affected Products (-)
Vendors (1)
apache
Products (1)
ofbiz
Versions (1)
>= 16.11.01 <= 16.11.06
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (4)
General (3)
apache
Exploits & POcs (-)
Patches (-)
Advisories (1)
apache
Summary
Descriptions

an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06

Un usuario no autenticado podría obtener acceso a la información de algunas pantallas del back-end invocando setSessionLocale en Apache OFBiz versiones 16.11.01 hasta 16.11.06

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-05-28 CVE Reserved
  • 2020-02-06 CVE Published
  • 2024-08-04 CVE Updated
  • 2025-01-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Threat Intelligence Resources (0)
Security Advisory details:

Select an advisory to view details here.

Select an exploit to view details here.

Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Ofbiz
Search vendor "Apache" for product "Ofbiz"
 >= 16.11.01 <= 16.11.06
Search vendor "Apache" for product "Ofbiz" and version " >= 16.11.01 <= 16.11.06"
-
Affected