Security News > 2024 > September > Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
2024-09-06 05:22
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid
News URL
https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
Related news
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-45195 | Forced Browsing vulnerability in Apache Ofbiz Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 7.5 |