CVE-2023-49070

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

94.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10

Technical Details

Published
12/5/2023

Frequently Asked Questions

What is CVE-2023-49070?

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10

Is CVE-2023-49070 actively exploited?

Active exploitation of CVE-2023-49070 has not been confirmed. The EPSS score is 94.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2023-49070?

CVE-2023-49070 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2023-49070 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.