The vulnerability of the createRegister method implementation in Apache OFBiz’s enterprise resource planning software allows a hacker to gain unauthorized access to protected information.

🗓️ 27 Feb 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

createRegister vulnerability in Apache OFBiz leaks error messages, enabling attackers to access data.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-23946	22 Feb 202410:12	–	circl
CNNVD	Apache OFBiz Code Issue Vulnerability	29 Feb 202400:00	–	cnnvd
CVE	CVE-2024-23946	28 Feb 202415:44	–	cve
Cvelist	CVE-2024-23946 Apache OFBiz: Path traversal or file inclusion	28 Feb 202415:44	–	cvelist
EUVD	EUVD-2024-21374	3 Oct 202520:07	–	euvd
NVD	CVE-2024-23946	29 Feb 202401:44	–	nvd
Prion	Path traversal	29 Feb 202401:44	–	prion
Positive Technologies	PT-2024-1832 · Apache · Apache Ofbiz	17 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-23946	23 May 202509:41	–	redhatcve
Vulnrichment	CVE-2024-23946 Apache OFBiz: Path traversal or file inclusion	28 Feb 202415:44	–	vulnrichment

Vulners

Node

apache ofbizRange<22.01.01

OR

apache ofbizRange<18.12.12

Source	Link
issues	www.issues.apache.org/jira/browse/OFBIZ-12884
vuldb	www.vuldb.com/ru/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-183/
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2024022314
web	www.web.nvd.nist.gov/view/vuln/detail
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-24-183/

27 Feb 2024 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 25

CVSS 35.3

EPSS0.02712

createRegister vulnerability error message leakage apache OFBiz data access