Security Advisory

CVE-2016-4462

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-08-30 17:00:00

Last updated 2024-09-17 00:30:36

Assigner apache

State PUBLISHED

Description

By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01

← Browse all CVEs View on cve.org ↗