Openbravo : Security Vulnerabilities, CVEs,

CVE-2019-14362

Openbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. This vulnerability could allow remote authenticated attackers to replace a file on the server via the getAttachmentDirectoryForNewAttachment inpKey value.
Max CVSS
5.5
EPSS Score
0.23%
Published
2019-07-28
Updated
2019-08-14

CVE-2017-9437

Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
Max CVSS
8.8
EPSS Score
0.08%
Published
2017-06-05
Updated
2017-06-13

CVE-2013-3617

Public exploit
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
Max CVSS
3.5
EPSS Score
34.53%
Published
2013-11-02
Updated
2013-11-21
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close