Lucene search
+L

199 matches found

cisa_kev
cisa_kev
added 2025/02/04 12:0 a.m.15 views

Apache OFBiz Forced Browsing Vulnerability

Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access...

9.8CVSS6.9AI score0.99983EPSS
In wildExploits0
vulncheck_kev
vulncheck_kev
added 2024/09/11 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-45195

Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access...

9.8CVSS5.8AI score0.99983EPSS
Exploits0References1
ics
ics
added 2024/09/10 6:0 a.m.42 views

Viessmann Climate Solutions SE Vitogate 300

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Viessmann Climate Solutions SE Equipment : Vitogate 300 Vulnerabilities : Use of Hard-coded Credentials, Forced Browsing, Command Injection 2. RISK EVALUATION...

9.8CVSS9.7AI score0.74525EPSS
Exploits5References10
f5
f5
added 2024/09/09 5:24 p.m.129 views

K000141002: Apache OFBiz vulnerabilities CVE-2024-32113, CVE-2024-36104, and CVE-2024-45195

Security Advisory Description CVE-2024-32113 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. CVE-2024-36104...

9.8CVSS8.7AI score0.99983EPSS
Exploits8
nvd
nvd
added 2024/09/04 9:15 a.m.32 views

CVE-2024-45195

Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

9.8CVSS0.99983EPSS
Exploits0References6
cve
cve
added 2024/09/04 8:8 a.m.265 views

CVE-2024-45195

Apache OFBiz is affected by CVE-2024-45195: Direct Request (Forced Browsing) vulnerability that allows unauthenticated remote code execution in versions prior to 18.12.16. The issue arises from missing view authorization checks, enabling an attacker with no credentials to execute arbitrary code o...

9.8CVSS8.6AI score0.99983EPSS
In wildExploits0References6Affected Software1
vulnrichment
vulnrichment
added 2024/09/04 8:8 a.m.41 views

CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

7.1AI score0.99983EPSS
Exploits0References4
cvelist
cvelist
added 2024/09/04 8:8 a.m.37 views

CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

0.99983EPSS
Exploits0References4
osv
osv
added 2024/09/04 8:8 a.m.8 views

CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

9.8CVSS7.3AI score0.99983EPSS
Exploits0References8
cnnvd
cnnvd
added 2024/09/04 12:0 a.m.5 views

Apache OFBiz 安全漏洞

Apache OFBiz is an enterprise resource planning ERP system from the Apache Foundation in the United States. The system provides a suite of Java-based web application components and tools. A security vulnerability exists in Apache OFBiz versions prior to 18.12.16 that stems from a direct request...

9.8CVSS9.2AI score0.99983EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/08/14 12:0 a.m.1 views

PT-2024-5989

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 18.12.16 Description The issue is a Direct Request 'Forced Browsing' vulnerability in Apache OFBiz, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. This vulnerabilit...

10CVSS6.4AI score0.99983EPSS
Exploits0References126
cnvd
cnvd
added 2024/07/10 12:0 a.m.12 views

Siemens SINEMA Remote Connect Server Forced Browsing Vulnerability (CNVD-2024-31230)

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability due to the failure ...

7.6CVSS7AI score0.00361EPSS
Exploits0References1
cnvd
cnvd
added 2024/07/10 12:0 a.m.9 views

Siemens SINEMA Remote Connect Server Forced Browsing Vulnerability

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability, which is caused du...

7.6CVSS7AI score0.00361EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/07/09 12:0 a.m.4 views

Siemens SINEMA Remote Connect Server 安全漏洞

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability due to the failure ...

7.6CVSS6.8AI score0.00361EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/07/09 12:0 a.m.6 views

Siemens SINEMA Remote Connect 安全漏洞

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability, which is caused du...

7.6CVSS6.8AI score0.00361EPSS
Exploits0References2
osv
osv
added 2024/03/05 12:15 p.m.4 views

CVE-2023-45598

A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “measure” functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/03/05 12:0 a.m.4 views

PT-2024-13262 · Unknown · Ailux Imx6 Bundle

Name of the Vulnerable Software and Affected Versions: AiLux imx6 bundle versions prior to imx6 1.0.7-2 Description: A vulnerability in the "measure" functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. The issue is related to a...

5.3CVSS7.3AI score0.00487EPSS
Exploits0References8
cnvd
cnvd
added 2024/02/22 12:0 a.m.6 views

IBM PowerSC Forced Browsing Vulnerability

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC has a forced browsing vulnerability vulnerability that stems from not properly restricting access to URLs or resources, which can be exploited by an attacker to gain...

6.5CVSS6.8AI score0.00407EPSS
Exploits0References1
nvd
nvd
added 2024/02/14 3:15 p.m.16 views

CVE-2023-46186

IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929...

7.5CVSS5AI score0.00601EPSS
Exploits0References2
osv
osv
added 2024/02/14 3:15 p.m.4 views

CVE-2023-46186

IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929...

7.5CVSS5.8AI score0.00601EPSS
Exploits0References2
Rows per page
Query Builder