6 matches found
VulnCheck KEV: CVE-2024-45507
Server-Side Request Forgery SSRF, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning ERP system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 CVSS score: 7.5,...
CVE-2024-45507
creationtimestamp| type| source ---|---|--- 2024-09-04 11:53:32+00:00| seen| https://t.me/cvedetector/4778 2024-09-21 16:06:49+00:00| published-proof-of-concept| https://t.me/realLulzSec/18824 2024-09-21 16:06:49+00:00| published-proof-of-concept| https://t.me/realLulzSec/2041 2024-09-21...
CVE-2024-45507 Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
Server-Side Request Forgery SSRF, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45507 Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
Server-Side Request Forgery SSRF, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue...
CVE-2024-45507
CVE-2024-45507 affects Apache OFBiz versions before 18.12.16. The issue combines Server-Side Request Forgery (SSRF) and Code Injection due to missing view authorization, enabling unauthenticated remote code execution on affected servers. Mitigation: upgrade to OFBiz 18.12.16 or later. No explicit...