Security News > 2024 > September > Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
2024-09-06 10:01
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an open-source suite for enterprise resource planning (ERP), which contains web applications for human resources management, customer relationship management, accounting, marketing, etc. “Apache OFBiz is used by numerous large organizations, and previously disclosed vulnerabilities for it have … More → The post Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/06/cve-2024-45195/
Related news
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-45195 | Forced Browsing vulnerability in Apache Ofbiz Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 7.5 |