This issue affects Apache OFBiz: through 18.12.14.
Users are recommended to upgrade to version 18.12.15, which fixes the issue.
Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
Metrics
Affected Vendors & Products
Wed, 30 Jul 2025 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
ssvc
|
Wed, 28 Aug 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache ofbiz |
|
CPEs | cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache ofbiz |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 07 Aug 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | ||
Vendors & Products |
Apache
Apache ofbiz |
|
References |
| |
Metrics |
ssvc
|
Wed, 07 Aug 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache ofbiz |
|
CPEs | cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache ofbiz |
|
References |
|
|
Metrics |
ssvc
|
Tue, 06 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | ||
Vendors & Products |
Apache
Apache ofbiz |
|
References |
| |
Metrics |
ssvc
|
Tue, 06 Aug 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache ofbiz |
|
CPEs | cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache ofbiz |
|
References |
|
|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2025-07-30T01:36:36.575Z
Reserved: 2024-06-20T07:28:36.680Z
Link: CVE-2024-38856

Updated: 2024-08-05T09:02:45.537Z

Status : Analyzed
Published: 2024-08-05T09:15:56.780
Modified: 2024-12-20T16:35:41.330
Link: CVE-2024-38856

No data.

No data.