Apache OFBiz File Inclusion Vulnerability
CVE-2024-23946

5.3MEDIUM

Key Information:

Vendor
Apache
Status
Apache Ofbiz
Vendor
CVE Published:
29 February 2024

Summary

Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue.

Affected Version(s)

Apache OFBiz 0 < 18.12.12

References

https://ofbiz.apache.org/download.html
mitigation
https://ofbiz.apache.org/security.html
related
https://ofbiz.apache.org/release-notes-18.12.12.html
release-notes

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Arun Shaji from trendmicro.com
.