From 34c4a14f3dd6be39b1d7aebf6adf17c04ab9d830 Mon Sep 17 00:00:00 2001
From: Noam Rathaus <noamr@beyondsecurity.com>
Date: Mon, 15 Mar 2021 19:14:52 +0200
Subject: [PATCH] References

---
 cves/2020/CVE-2020-9496.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml
index f8ae6b62ba..bf637b1ef7 100644
--- a/cves/2020/CVE-2020-9496.yaml
+++ b/cves/2020/CVE-2020-9496.yaml
@@ -6,6 +6,9 @@ info:
   severity: medium
   description: XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
   tags: cve,cve2020,apache
+  reference:
+    - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
+    - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
 
 
   # This template detects a Java deserialization vulnerability in Apache