Lucene search
+L

11 matches found

Nuclei
Nuclei
added 4 days ago81 views

Apache OFBiz - Remote Code Execution

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45195 info: name: Apache OFBiz -...

9.8CVSS7.7AI score0.99983EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2024/09/09 5:24 p.m.130 views

K000141002: Apache OFBiz vulnerabilities CVE-2024-32113, CVE-2024-36104, and CVE-2024-45195

Security Advisory Description CVE-2024-32113 Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. CVE-2024-36104...

9.8CVSS8.7AI score0.99983EPSS
Exploits8
The Hacker News
The Hacker News
added 2024/09/06 5:22 a.m.37 views

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning ERP system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 CVSS score: 7.5,...

9.8CVSS9.4AI score0.99983EPSS
Exploits15
Rapid7 Blog
Rapid7 Blog
added 2024/09/05 2:54 p.m.60 views

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server. Exploitation is facilitated by bypassing...

9.8CVSS9.8AI score0.99983EPSS
Exploits15
Circl
Circl
added 2024/09/04 11:53 a.m.22 views

CVE-2024-45195

creationtimestamp| type| source ---|---|--- 2024-09-04 11:53:36+00:00| seen| https://t.me/cvedetector/4781 2024-09-06 07:47:53+00:00| seen| https://t.me/thehackernews/5532 2024-09-06 09:13:35+00:00| published-proof-of-concept| Telegram/EFBeGFmA75ewgbU3HNfojE07wPqv1eLOdUnFt8ddrNP22g 2024-09-06...

9.8CVSS7.1AI score0.99983EPSS
In wildExploits0References25
NVD
NVD
added 2024/09/04 9:15 a.m.33 views

CVE-2024-45195

Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

9.8CVSS0.99983EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/09/04 8:8 a.m.38 views

CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

0.99983EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/04 8:8 a.m.41 views

CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

7.1AI score0.99983EPSS
Exploits0References4
OSV
OSV
added 2024/09/04 8:8 a.m.9 views

CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Direct Request 'Forced Browsing' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...

9.8CVSS7.3AI score0.99983EPSS
Exploits0References8
CVE
CVE
added 2024/09/04 8:8 a.m.265 views

CVE-2024-45195

Apache OFBiz is affected by CVE-2024-45195: Direct Request (Forced Browsing) vulnerability that allows unauthenticated remote code execution in versions prior to 18.12.16. The issue arises from missing view authorization checks, enabling an attacker with no credentials to execute arbitrary code o...

9.8CVSS8.6AI score0.99983EPSS
In wildExploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/09/04 12:0 a.m.170 views

CVE-2024-45195

Direct Request ‘Forced Browsing’ vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. Recent assessments: remmons-r7 at September 25, 2024 3:32pm UTC reported: Apache OFBiz is an open-source...

9.8CVSS8.6AI score0.99983EPSS
In wildExploits15References5
Rows per page
Query Builder