Apache OFBiz Authentication Bypass Vulnerability
CVE-2024-25065

Currently unrated

Key Information:

Vendor
Apache
Status
Apache Ofbiz
Vendor
CVE Published:
29 February 2024

Summary

Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue.

Affected Version(s)

Apache OFBiz 0 < 18.12.12

References

https://ofbiz.apache.org/download.html
mitigation
https://ofbiz.apache.org/security.html
related
https://ofbiz.apache.org/release-notes-18.12.12.html
release-notes

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

YunPeng - 郭 运鹏 <[email protected]>
.