Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code (Code Injection) Vulnerability in Apache OFBiz

CVE-2024-45507

9.8CRITICAL

Key Information

Vendor: Apache
Status: Apache Ofbiz
Vendor: CVE Published:; 4 September 2024

Badges

😄 Trended🟡 EPSS 55%

Summary

Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

Affected Version(s)

Apache OFBiz < 18.12.16

EPSS Score

55% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability started trending.
Sep 13, 2024
Vulnerability published.
Sep 4, 2024
Vulnerability Reserved.
Sep 1, 2024

Collectors

NVD DatabaseMitre Database

Credit

孙相 (Sun Xiang)