Apache OFBiz vulnerable to Path Traversal attack
CVE-2024-36104

Currently unrated

Key Information:

Vendor
Apache
CVE Published:
4 June 2024

Badges

👾 Exploit Exists 📰 News Worthy

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14.

Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Affected Version(s)

Apache OFBiz 0 < 18.12.14

News Articles

RCE possible with critical Apache OFBiz zero-day

Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.

6 months ago

Timeline

  • 👾 Exploit known to exist
  • 📰 First article discovered by SC Media
  • Vulnerability published
  • Vulnerability Reserved

Credit

godspeed (AAA@ZJU)