Apache OFBiz vulnerable to 'Forced Browsing' (Direct Request) attack
Key Information
- Vendor: Apache
- Product: Apache OFBiz
- CVE Published: 4 September 2024
Summary
The vulnerability CVE-2024-45195 affects Apache OFBiz versions before 18.12.16, allowing attackers to execute arbitrary code on the server without valid credentials. This vulnerability poses a severe risk to organizations relying on OFBiz, including potential data theft, disruption of operations, and lateral movement and persistence within the network. Apache has released a patch in version 18.12.16 to address this vulnerability, along with three other related vulnerabilities. Previous vulnerabilities in Apache OFBiz have been actively exploited, making it crucial for organizations to promptly implement the patch to safeguard their critical data and mitigate their attack surface.
Affected Version(s)
Apache OFBiz < 18.12.16
News Articles
- Apache Fixes OFBiz Remote Code Execution Flaw (2 months ago): Apache has issued a fix in OFBiz (Open For Business) that addresses an unauthenticated remote code execution bug.
- Apache OFBiz patches new critical remote code execution flaw (3 months ago): The vulnerability represents a bypass of fixes put in place this year for three critical RCE flaws that had the same root cause and have since been used in attacks.
- Critical Apache OFBiz RCE Vulnerability Patched CVE-2024-45195 (3 months ago): Apache OFBiz has released a critical patch for an RCE vulnerability. Users are urged to update their installations immediately.
EPSS Score
3% chance of being exploited in the next 30 days.
Timeline
- Exploit exists.
- First article discovered by SecurityWeek.
- Vulnerability published.
- Vulnerability reserved.