|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-09-10 | |
| Rule Name: | Apache Ofbiz Unauthenticated Remote Code Execution Vulnerability (CVE-2024-45195) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation. The system provides a complete set of Java-based Web application components and tools. Versions earlier than Apache OFBiz 18.12.16 have remote code execution vulnerabilities that allow remote attackers to gain server permissions by controlling requests and writing malicious files. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://issues.apache.org/jira/browse/OFBIZ-13130 https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy |