Lucene search

[email protected]NVD:CVE-2024-45195

HistorySep 04, 2024 - 9:15 a.m.

CVE-2024-45195

2024-09-0409:15:04

CWE-425

[email protected]

web.nvd.nist.gov

cve-2024-45195

apache ofbiz

forced browsing

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.038

Percentile

92.0%

JSON

Direct Request (‘Forced Browsing’) vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.16.

Users are recommended to upgrade to version 18.12.16, which fixes the issue.

Affected configurations

Nvd

Node

apacheofbizRange<18.12.16

VendorProductVersionCPE
apacheofbiz*cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	ofbiz	*	cpe:2.3:a:apache:ofbiz::::::::

References

issues.apache.org/jira/browse/OFBIZ-13130

lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy

ofbiz.apache.org/download.html

ofbiz.apache.org/security.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.038

Percentile

92.0%

JSON

Related for NVD:CVE-2024-45195

vulnrichment1 cvelist1 cve1 nessus1 impervablog1 f51 rapid7blog1 thn1