In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Mend
Published: 2021-08-30T14:07:00.257077Z
Updated: 2024-09-16T18:02:54.998Z
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25958
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-30T14:15:07.117
Modified: 2024-11-21T05:55:40.523
Link: CVE-2021-25958
Redhat
No data.