Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiArun Shaji of Trend Micro DSLabsZDI-24-183
HistoryFeb 21, 2024 - 12:00 a.m.

Apache OFBiz createRegister Error Message Information Disclosure Vulnerability

2024-02-2100:00:00
Arun Shaji of Trend Micro DSLabs
www.zerodayinitiative.com
4
apache ofbiz
createregister
vulnerability
information disclosure
error message
sensitive information
internal paths

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createRegister method. The issue results from outputting an error message that includes sensitive information. An attacker can leverage this vulnerability to disclose the names of internal paths used by the system.

Related

nvd 1
prion 1
cvelist 1
cve 1
nvd
nvd
CVE-2024-23946
2024-02-29 01:44:11
prion
prion
Path traversal
2024-02-29 01:44:00
cvelist
cvelist
CVE-2024-23946 Apache OFBiz: Path traversal or file inclusion
2024-02-28 15:44:41
cve
cve
CVE-2024-23946
2024-02-29 01:44:11

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON
Related for ZDI-24-183
nvd1prion1cvelist1cve1