CVE-2024-45195

Warnung

EPSS 94.13%
Veröffentlicht 04.09.2024 09:15:04
Zuletzt bearbeitet 06.03.2025 19:48:51
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.16.

Users are recommended to upgrade to version 18.12.16, which fixes the issue.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Ofbiz Version < 18.12.16

04.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apache OFBiz Forced Browsing Vulnerability

Schwachstelle

Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.13%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

https://ofbiz.apache.org/security.html

Vendor Advisory

https://ofbiz.apache.org/download.html

Product

https://issues.apache.org/jira/browse/OFBIZ-13130

Vendor Advisory

Issue Tracking

https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy

Vendor Advisory

http://www.openwall.com/lists/oss-security/2024/09/03/6

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-45195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45195

EUVD