
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
2024-09-06 05:22

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid


News URL

https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-45195 | Forced Browsing vulnerability in Apache Ofbiz. Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. (network; low complexity; apache; CWE-425) | 7.5 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 305 58 853 656 313 1880