Apache OFBiz: Direct Request ('Forced Browsing') (CVE-2024-45195)
CVE-2024-45195 is a Direct Request vulnerability, commonly known as 'Forced Browsing', in Apache OFBiz versions older than 18.12.16. It allows unauthorized access by entering a URL directly, which can lead to remote code execution. The vulnerability can expose enterprise systems to significant risks, including data breaches. Any Apache OFBiz installation running a version prior to 18.12.16 is affected.
CVE database technical details
CVE ID
CVE-2024-45195
Description
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Provider
apache
CWE / problem types
CWE-425 Direct Request ('Forced Browsing')
Affected Software Versions
Apache Software Foundation: Apache OFBiz, versions from 0 up to (but not including) 18.12.16 (status: affected; version type: custom)
Date Published
2024-09-04T08:08:59.201Z
Last Updated
2025-02-04T17:20:24.051Z