CVE-2016-4462 is a vulnerability in Apache OFBiz
Published on August 30, 2017

By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Freemarker template could be used for remote code execution. Mitigation: Upgrade to Apache OFBiz 16.11.01

NVD

Products Associated with CVE-2016-4462

Want to know whenever a new CVE is published for Apache OFBiz? stack.watch will email you.

Apache OFBiz

Affected Versions

Apache Software Foundation Apache OFBiz:

Version 13.07.* is affected.
Version 12.04.* is affected.
Version 11.04.* is affected.

Exploit Probability

EPSS

1.03%

Percentile

77.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-4462 is a vulnerability in Apache OFBizPublished on August 30, 2017

Products Associated with CVE-2016-4462

Affected Versions

Exploit Probability

CVE-2016-4462 is a vulnerability in Apache OFBiz
Published on August 30, 2017