Apache OFBiz vulnerable to Path Traversal attack

CVE-2024-36104

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 4 June 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Affected Version(s)

Apache OFBiz < 18.12.14

News Articles

SC Media

CVE-2024-36104

RCE possible with critical Apache OFBiz zero-day

Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.

3 months ago

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

👾
Exploit exists.
Aug 18, 2024
First article discovered by SC Media
Aug 7, 2024
Vulnerability published.
Jun 4, 2024
Vulnerability Reserved.
May 20, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

godspeed (AAA@ZJU)