Vulnerability Details : CVE-2021-30128
Apache OFBiz has unsafe deserialization prior to 17.12.07 version
Products affected by CVE-2021-30128
- cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-30128
75.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-30128
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2021-30128
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-30128
-
https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E
[ofbiz-site] branch master updated: Updates security page for CVE-2021-37608 fixed in 17.12.08 - Pony MailMailing List;Patch;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2021/04/27/5
oss-security - [CVE-2021-30128] Unsafe deserialization in OFBizMailing List;Patch;Third Party Advisory
-
https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cuser.ofbiz.apache.org%3E
Pony Mail!Mailing List;Mitigation;Vendor Advisory
-
https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E
[ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07 - Pony MailMailing List;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E
[CVE-2021-30128] Unsafe deserialization in OFBiz - Pony MailMailing List;Mitigation;Vendor Advisory
-
https://lists.apache.org/thread.html/r078351a876ed284ba667b33aba29428d7308a5bd4df78f14a3df6661@%3Cnotifications.ofbiz.apache.org%3E
[jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128] - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rbe512e5ccd6b11169c6379daa1234bc805f3d53c5a38224e956295ce@%3Cnotifications.ofbiz.apache.org%3E
[jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128] - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E
[CVE-2021-30128] Unsafe deserialization in OFBiz - Pony MailMailing List;Mitigation;Vendor Advisory
-
https://lists.apache.org/thread.html/rab718cfe6468085d7560c0c1ae816841e175886199f42e36efb8d735@%3Cnotifications.ofbiz.apache.org%3E
[jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128] - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rb82f41de3c44bb644632531f79649046ca76afeab25a2bdb9991ab84@%3Cnotifications.ofbiz.apache.org%3E
[jira] [Updated] (OFBIZ-12221) Fixed ObjectInputStream denyList [CVE-2021-30128] - Pony MailMailing List;Vendor Advisory
-
https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cannounce.apache.org%3E
Pony Mail!Mailing List;Mitigation;Vendor Advisory
Jump to