Apache OFBiz Authentication Bypass Vulnerability
CVE-2024-25065

9.1CRITICAL

Key Information:

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 29 February 2024

What is CVE-2024-25065?

A path traversal vulnerability exists in Apache OFBiz that may allow an attacker to bypass authentication measures. By exploiting this flaw, unauthorized users could gain access to restricted areas of the application. Users are highly encouraged to upgrade to version 18.12.12, which addresses and resolves this security risk effectively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache OFBiz 0 < 18.12.12

References

https://ofbiz.apache.org/download.html

mitigation

https://ofbiz.apache.org/security.html

https://ofbiz.apache.org/release-notes-18.12.12.html

release-notes

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Feb 4, 2024

Credit

YunPeng - 郭运鹏 <puata123@outlook.com>

JSON

Apache

What is CVE-2024-25065?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.