Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.

Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 13 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

kev

{'dateAdded': '2024-08-07'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


Thu, 13 Feb 2025 18:00:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Thu, 08 Aug 2024 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache ofbiz
CPEs cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache ofbiz
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-07-30T01:37:04.026Z

Reserved: 2024-04-11T06:42:13.766Z

Link: CVE-2024-32113

cve-icon Vulnrichment

Updated: 2024-08-02T02:06:44.061Z

cve-icon NVD

Status : Modified

Published: 2024-05-08T15:15:10.227

Modified: 2025-02-13T18:18:02.173

Link: CVE-2024-32113

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.