Lucene search

ApacheCVELIST:CVE-2024-25065

HistoryFeb 28, 2024 - 3:42 p.m.

CVE-2024-25065 Apache OFBiz: Path traversal allowing authentication bypass.

2024-02-2815:42:50

CWE-22

apache

www.cve.org

apache

ofbiz

path traversal

authentication bypass

upgrade

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

Possible path traversal in Apache OFBiz allowing authentication bypass.
Users are recommended to upgrade to version 18.12.12, that fixes the issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache OFBiz",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "18.12.12",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2024/02/28/10

issues.apache.org/jira/browse/OFBIZ-12887

lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc

ofbiz.apache.org/download.html

ofbiz.apache.org/release-notes-18.12.12.html

ofbiz.apache.org/security.html