Security News > 2024 > September > Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
2024-09-06 05:22
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid
News URL
https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
Related news
- New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution (source)
- Apache fixes critical OFBiz remote code execution vulnerability (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution (source)
- Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk (source)
- CUPS flaws enable Linux remote code execution, but there’s a catch (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-45195 | Forced Browsing vulnerability in Apache Ofbiz Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 7.5 |