Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution.

About CVE-2024-45195

Apache OFBiz is an open-source suite for enterprise resource planning (ERP), which contains web applications for human resources management, customer relationship management, accounting, marketing, etc. “Apache OFBiz is used by numerous large organizations, and previously disclosed vulnerabilities for it have …

The post Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/06/cve-2024-45195/
Related news
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
- Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)
- Apache fixes critical OFBiz remote code execution vulnerability
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
- Critical Progress WhatsUp RCE flaw now under active exploitation
- CISA warns about actively exploited Apache OFBiz RCE flaw
- Cisco warns of critical RCE zero-days in end of life IP phones
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-04 | CVE-2024-45195 | Forced Browsing vulnerability in Apache OFBiz. Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 7.5 |