CVE-2024-45195

🗓️ 04 Sep 2024 08:08:59Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 242 Views

Direct Request vulnerability in Apache OFBi

Reporter	Title	Published	Views	Family All 22
ATTACKERKB	CVE-2024-45195	4 Sep 202400:00	–	attackerkb
Tenable Nessus	Apache OFBiz < 18.12.16 Multiple Vulnerabilities	13 Sep 202400:00	–	nessus
Tenable Nessus	Apache OFBiz < 18.12.16 Remote Code Execution	26 Sep 202400:00	–	nessus
BDU FSTEC	The vulnerability of the Apache OFBiz resource planning software lies in security mechanism failures, which allow attackers to gain unauthorized access to protected information or cause other adverse effects.	11 Sep 202400:00	–	bdu_fstec
Circl	CVE-2024-45195	4 Sep 202411:53	–	circl
CISA KEV Catalog	Apache OFBiz Forced Browsing Vulnerability	4 Feb 202500:00	–	cisa_kev
CISA	CISA Adds Four Known Exploited Vulnerabilities to Catalog	4 Feb 202512:00	–	cisa
CNNVD	Apache OFBiz 安全漏洞	4 Sep 202400:00	–	cnnvd
Cvelist	CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)	4 Sep 202408:08	–	cvelist
F5 Networks	K000141002: Apache OFBiz vulnerabilities CVE-2024-32113, CVE-2024-36104, and CVE-2024-45195	9 Sep 202417:24	–	f5

NVD

Vulners

Vulnrichment

Node

apache ofbizRange<18.12.16

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache OFBiz",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "18.12.16",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
issues	www.issues.apache.org/jira/browse/OFBIZ-13130
lists	www.lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy
ofbiz	www.ofbiz.apache.org/security.html
ofbiz	www.ofbiz.apache.org/download.html
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog
openwall	www.openwall.com/lists/oss-security/2024/09/03/6

23 Oct 2025 14:49Current

8.6High risk

Vulners AI Score8.6

CVSS 3.17.5 - 9.8

EPSS0.94148

SSVC