Vulnerabilities > CVE-2024-38856

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

CWE-863

NVD

Published: 2024-08-05

Updated: 2024-08-06

Summary

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w
https://issues.apache.org/jira/browse/OFBIZ-13128

Vulnerabilities > CVE-2024-38856 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2024-38856"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2024-38856