Lucene search
ApacheVULNRICHMENT:CVE-2024-45195HistorySep 04, 2024 - 8:08 a.m.
CVE-2024-45195 Apache OFBiz: Confused controller-view authorization logic (forced browsing)
2024-09-0408:08:59
CWE-425
apache
github.com
10
apache ofbiz
forced browsing
controller-view authorization
cve-2024-45195
AI Score
7.1
Confidence
Low
EPSS
0.038
Percentile
92.0%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
total
Direct Request (‘Forced Browsing’) vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "ofbiz",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "18.12.16",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-45195
2024-09-04 09:15:04
cvelist
cvelist
cve
cve
CVE-2024-45195
2024-09-04 09:15:04
nessus
nessus
Apache OFBiz < 18.12.16 Multiple Vulnerabilities
2024-09-13 00:00:00
impervablog
impervablog
f5
f5
rapid7blog
rapid7blog
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
2024-09-05 14:54:31
thn
thn
AI Score
7.1
Confidence
Low
EPSS
0.038
Percentile
92.0%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-45195