11 matches found
Apache OFBiz - Remote Code Execution
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45195 info: name: Apache OFBiz -...
K000141002: Apache OFBiz vulnerabilities CVE-2024-32113, CVE-2024-36104, and CVE-2024-45195
Security Advisory Description CVE-2024-32113 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. CVE-2024-36104...
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning ERP system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 CVSS score: 7.5,...
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...
CVE-2024-45195
creationtimestamp| type| source ---|---|--- 2024-09-04 11:53:36+00:00| seen| https://t.me/cvedetector/4781 2024-09-06 07:47:53+00:00| seen| https://t.me/thehackernews/5532 2024-09-06 09:13:35+00:00| published-proof-of-concept| Telegram/EFBeGFmA75ewgbU3HNfojE07wPqv1eLOdUnFt8ddrNP22g 2024-09-06...
CVE-2024-45195
Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45195
Apache OFBiz is affected by CVE-2024-45195: Direct Request (Forced Browsing) vulnerability that allows unauthenticated remote code execution in versions prior to 18.12.16. The issue arises from missing view authorization checks, enabling an attacker with no credentials to execute arbitrary code o...
CVE-2024-45195
Direct Request ‘Forced Browsing’ vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. Recent assessments: remmons-r7 at September 25, 2024 3:32pm UTC reported: Apache OFBiz is an open-source...