Lucene search
ApacheVULNRICHMENT:CVE-2024-45507HistorySep 04, 2024 - 8:08 a.m.
CVE-2024-45507 Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE
2024-09-0408:08:33
CWE-94
CWE-918
apache
github.com
11
cve-2024-45507
apache ofbiz
url prevention
java
groovy
rce
server-side request forgery
code injection
upgrade 18.12.16
AI Score
7.4
Confidence
High
EPSS
0.555
Percentile
97.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_ofbiz:*:*:*:*:*:*:*:*"
],
"vendor": "apache_software_foundation",
"product": "apache_ofbiz",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "18.12.16",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
cvelist
cvelist
nvd
nvd
CVE-2024-45507
2024-09-04 09:15:04
cve
cve
CVE-2024-45507
2024-09-04 09:15:04
nessus
nessus
Apache OFBiz < 18.12.16 Multiple Vulnerabilities
2024-09-13 00:00:00
thn
thn
AI Score
7.4
Confidence
High
EPSS
0.555
Percentile
97.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-45507