CVE-2023-50968

HIGH

CVSS v3

7.5

HIGH

EPSS Score

84.7%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.

Technical Details

Published
12/26/2023

Frequently Asked Questions

What is CVE-2023-50968?

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.

Is CVE-2023-50968 actively exploited?

Active exploitation of CVE-2023-50968 has not been confirmed. The EPSS score is 84.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2023-50968?

CVE-2023-50968 has a CVSS v3 base score of 7.5 (HIGH severity).

Is CVE-2023-50968 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.