Tuesday 23 March 2021
The impact of this issue is high. Please act as stated below to rectify it.
Apache OFBiz versions prior to 17.12.06.
What you need to know:
The Apache Foundation’s latest update to Apache OFBiz, an open-source enterprise resource planning (ERP) system, included a patch for an unsafe Java deserialisation issue that could be exploited to execute code remotely without authentication (CVE-2021-26295).
Actions to be taken:
Apache OFBiz users are advised to update to the 17.12.06 package to prevent possible exploitation.