9.8
CVE-2026-45434
- EPSS 22.88%
- Veröffentlicht 19.05.2026 09:40:26
- Zuletzt bearbeitet 20.05.2026 17:16:24
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 22.88% | 0.974 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://lists.apache.org/thread/yw4owrzl0yho1yx7oqxvr6xjkmln9tq8
http://www.openwall.com/lists/oss-security/2026/05/19/29