Apache OFBiz Remote Code Execution Vulnerability (CVE-2020-9496)

Overview: On 19 May 2020, Apache published an advisory to address an insecure deserialization vulnerability in Apache OFBiz. The vulnerability is caused by Java serialization issues in the processing of requests sent to the “/webtools/control/xmlrpc” URL. It may lead to a variety of attacks, such as stealing user/admin credentials. This issue can be escalated into a Remote …
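For defenders reviewing traffic to this endpoint, the following added example (not part of the original advisory or of OFBiz) triages HTTP requests by checking whether they reach the XML-RPC URL and whether the body carries a Java serialization stream header, raw or base64-encoded. The function names, triage labels and sample requests are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote

XMLRPC_PATH = "/webtools/control/xmlrpc"  # endpoint named in the overview
JAVA_MAGIC = b"\xac\xed\x00\x05"          # header of every Java serialization stream
# Base64 of JAVA_MAGIC always starts "rO0AB"; require a token boundary before it.
B64_MAGIC = re.compile(rb"(?<![A-Za-z0-9+/])rO0AB[A-Za-z0-9+/]")


def hits_xmlrpc(target: str) -> bool:
    """True if the request target resolves to the XML-RPC endpoint."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r";[^/]*", "", path)            # drop ;jsessionid=... parameters
    path = re.sub(r"/+", "/", path).rstrip("/")   # collapse duplicate slashes
    return path == XMLRPC_PATH


def carries_java_object(body: bytes) -> bool:
    """True if the body holds a raw or base64-encoded serialization header."""
    return JAVA_MAGIC in body or B64_MAGIC.search(body) is not None


def triage(method: str, target: str, body: bytes) -> str:
    if not hits_xmlrpc(target):
        return "ignore"
    if method.upper() == "POST" and carries_java_object(body):
        return "alert"    # serialized object delivered to the endpoint
    return "review"       # endpoint reached, no serialized object seen


# Constructed sample requests (not captured traffic). The "object" is the
# four header bytes followed by filler, so it is not a deserializable stream.
_FAKE_OBJECT = base64.b64encode(JAVA_MAGIC + b"constructed filler bytes")
SAMPLES = [
    ("GET", "/webtools/control/main", b""),
    ("POST", "/webtools/control/xmlrpc",
     b"<methodCall><methodName>constructedMethod</methodName></methodCall>"),
    ("POST", "/webtools/control/xmlrpc;jsessionid=ABC123",
     b"<methodCall><params><param><value>" + _FAKE_OBJECT
     + b"</value></param></params></methodCall>"),
    ("POST", "//webtools/control/%78mlrpc/", JAVA_MAGIC + b"filler"),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(f"{triage(method, target, body):7} {method} {target}")
```

The path normalisation matters because a plain string match on the URL misses percent-encoded, double-slash and path-parameter variants of the same endpoint.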