Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Sep 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache ofbiz |
|
CPEs | cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache ofbiz |
|
Metrics |
cvssV3_1
|
Wed, 04 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 04 Sep 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | |
Title | Apache OFBiz: Confused controller-view authorization logic (forced browsing) | |
Weaknesses | CWE-425 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-09-04T08:08:59.201Z
Updated: 2024-09-06T14:25:24.280Z
Reserved: 2024-08-22T15:19:27.892Z
Link: CVE-2024-45195
Vulnrichment
Updated: 2024-09-04T09:03:00.547Z
NVD
Status : Modified
Published: 2024-09-04T09:15:04.397
Modified: 2024-11-21T09:37:28.073
Link: CVE-2024-45195
Redhat
No data.