Apache OFBiz vulnerable to Path Traversal attack

CVE-2024-36104

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Ofbiz
CVE Published: 4 June 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14.

Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Affected Version(s)

Apache OFBiz < 18.12.14

News Articles

RCE possible with critical Apache OFBiz zero-day

Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.

5 months ago

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by SC Media

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 News Article(s)

Credit

godspeed (AAA@ZJU)