Security Advisory

CVE-2021-25958

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-30 14:07:00

Last updated 2024-09-16 18:02:54

Assigner Mend

State PUBLISHED

Description

In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs.

← Browse all CVEs View on cve.org ↗