Vulnerabilities > Apache > Ofbiz > 18.12.15

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-48962 Code Injection vulnerability in Apache Ofbiz
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.
network
low complexity
apache CWE-94
8.8
8.8
2024-09-04 CVE-2024-45195 Forced Browsing vulnerability in Apache Ofbiz
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
network
low complexity
apache CWE-425
7.5
7.5
2024-09-04 CVE-2024-45507 Unspecified vulnerability in Apache Ofbiz
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
network
low complexity
apache
critical
 9.8
9.8