Rewterz Threat Advisory – CVE-2021-37608 – Apache OFBiz File Upload Vulnerability

Severity

High

Analysis Summary

CVE-2021-37608

Apache OFBiz could allow a remote attacker to upload arbitrary files because Image Management does not properly validate file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script and then execute arbitrary code on the vulnerable system.
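The class of check whose absence is described above, as an added example that is not OFBiz code and not part of the original advisory: a Python upload validator that allowlists image extensions, rejects executable extensions anywhere in the file name, and verifies the content's magic bytes. The function name, extension lists and sample inputs are constructed for illustration and do not reflect how OFBiz implements or fixed its validation.

```python
import os

# Allowlisted image extensions and the magic bytes each must start with.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Extensions a server may execute (illustrative assumption, not exhaustive).
EXECUTABLE_EXTENSIONS = {".jsp", ".jspx", ".php", ".groovy", ".ftl", ".sh"}


def validate_image_upload(filename, content):
    """Return (accepted, reason) for an uploaded file claimed to be an image."""
    # Reject NUL bytes and any path component before looking at extensions.
    normalized = filename.replace("\\", "/")
    if "\x00" in filename or filename != os.path.basename(normalized):
        return False, "unsafe file name"
    parts = filename.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return False, "missing name or extension"
    extensions = ["." + p for p in parts[1:]]
    # Check every dotted segment so 'upload.jsp.png' is rejected as well.
    if any(ext in EXECUTABLE_EXTENSIONS for ext in extensions):
        return False, "executable extension in file name"
    final = extensions[-1]
    if final not in IMAGE_SIGNATURES:
        return False, "extension not in allowlist"
    # The extension alone proves nothing; the bytes must match it too.
    if not content.startswith(IMAGE_SIGNATURES[final]):
        return False, "content does not match extension"
    return True, "ok"


# Constructed sample uploads: (file name, first bytes of the body).
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
SAMPLES = [
    ("photo.png", PNG_HEADER),
    ("upload.jsp", b"not an image"),
    ("upload.jsp.png", PNG_HEADER),
    ("photo.png", b"not an image"),
    ("../photo.png", PNG_HEADER),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, validate_image_upload(name, body))
```

Validation of this kind complements the upgrade; storing uploads outside any directory the server executes from limits the impact if a check is bypassed.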

Impact

  • Unauthorized Access

Affected Vendors

Apache

Affected Products

  • Apache OFBiz 17.12.07

Remediation

Upgrade to the latest version of Apache OFBiz (17.12.08 or later), available from the Apache Web site.

https://seclists.org/oss-sec/2021/q3/97