Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.16.

Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 04 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-02-04'}


Tue, 04 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 05 Sep 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache ofbiz
CPEs cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache ofbiz
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 04 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
References

Wed, 04 Sep 2024 08:30:00 +0000

Type Values Removed Values Added
Description Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Title Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Weaknesses CWE-425
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-07-30T01:36:34.075Z

Reserved: 2024-08-22T15:19:27.892Z

Link: CVE-2024-45195

cve-icon Vulnrichment

Updated: 2024-09-04T09:03:00.547Z

cve-icon NVD

Status : Modified

Published: 2024-09-04T09:15:04.397

Modified: 2025-02-05T02:00:01.767

Link: CVE-2024-45195

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.