Missing Auth in Apache OFBiz Solr Plugin before 18.12.09
CVE-2023-46819 Published on November 7, 2023

Apache OFBiz: Execution of Solr plugin queries without authentication
Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09.  Users are recommended to upgrade to version 18.12.09

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-46819 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.


Products Associated with CVE-2023-46819

stack.watch emails you whenever new vulnerabilities are published in Apache OFBiz or Apache Solr. Just hit a watch button to start following.

Apache OFBiz
 
Apache Solr
 

Affected Versions

Apache Software Foundation Apache OFBiz:

Exploit Probability

EPSS
0.30%
Percentile
52.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.