Apache OFBiz Authentication Bypass Vulnerability
CVE-2024-25065

9.1CRITICAL

Key Information:

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 29 February 2024

Summary

A path traversal vulnerability exists in Apache OFBiz that may allow an attacker to bypass authentication measures. By exploiting this flaw, unauthorized users could gain access to restricted areas of the application. Users are highly encouraged to upgrade to version 18.12.12, which addresses and resolves this security risk effectively.

Affected Version(s)

Apache OFBiz 0 < 18.12.12

References

https://ofbiz.apache.org/download.html

mitigation

https://ofbiz.apache.org/security.html

https://ofbiz.apache.org/release-notes-18.12.12.html

release-notes

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Feb 4, 2024

Credit

YunPeng - 郭运鹏 <[email protected]>