Metrics
Affected Vendors & Products
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
cvssV3_1
|
Tue, 19 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache ofbiz |
|
CPEs | cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache ofbiz |
|
Metrics |
cvssV3_1
|
Mon, 18 Nov 2024 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | |
Title | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) | |
Weaknesses | CWE-1336 CWE-352 CWE-94 |
|
References |
| |
Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: apache
Published: 2024-11-18T08:41:30.545Z
Updated: 2024-11-21T15:34:27.275Z
Reserved: 2024-10-10T06:25:35.776Z
Link: CVE-2024-48962
Updated: 2024-11-18T09:03:47.896Z
Status : Awaiting Analysis
Published: 2024-11-18T09:15:06.237
Modified: 2024-11-21T16:15:26.007
Link: CVE-2024-48962
No data.