Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2024-45507
HistorySep 04, 2024 - 8:08 a.m.

CVE-2024-45507 Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE

2024-09-0408:08:33
CWE-918
CWE-94
apache
www.cve.org
7
apache ofbiz
rce
ssrf
code injection
upgrade

EPSS

0.555

Percentile

97.7%

JSON

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.16.

Users are recommended to upgrade to version 18.12.16, which fixes the issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache OFBiz",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "18.12.16",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Related

vulnrichment 1
nvd 1
cve 1
nessus 1
thn 1
vulnrichment
vulnrichment
CVE-2024-45507 Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
2024-09-04 08:08:33
nvd
nvd
CVE-2024-45507
2024-09-04 09:15:04
cve
cve
CVE-2024-45507
2024-09-04 09:15:04
nessus
nessus
Apache OFBiz < 18.12.16 Multiple Vulnerabilities
2024-09-13 00:00:00
thn
thn
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
2024-09-06 05:22:00

EPSS

0.555

Percentile

97.7%

JSON
Related for CVELIST:CVE-2024-45507
vulnrichment1nvd1cve1nessus1thn1