Primary

Context

Apache OFBiz Scrum Plugin Code Injection Vulnerability Leading to Remote Code Execution

Vulnerability

Patched

A code injection vulnerability has been identified in the Apache OFBiz scrum plugin, prior to version 24.09.02. This vulnerability allows even unauthenticated attackers to execute arbitrary code, but only when the scrum plugin is active.

Impact

Exploitation of this vulnerability could lead to remote code execution on the server where Apache OFBiz is running.

Remediation

Users are advised to upgrade to Apache OFBiz version 24.09.02, which addresses this vulnerability.

Added: Aug 15, 2025, 3:22 PM

Updated: Aug 15, 2025, 3:22 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

10.0

exploitability

8.7

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

10.0

exploitability

8.7

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache OFBiz Scrum Plugin Code Injection Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Apache OFBiz

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating