CVE-2024-45507
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-45507 is a Server-Side Request Forgery (SSRF) vulnerability with code injection capabilities affecting Apache OFBiz versions prior to 18.12.16. Organizations running affected versions face high confidentiality and integrity impacts, because the vulnerability allows unauthorized users to execute potentially harmful requests over the network. Remediation is to upgrade to version 18.12.16, which addresses this flaw. The vulnerability has an exploitability score of 2.8 and a base severity rating of high, indicating that it can be exploited without elevated privileges but requires user interaction. For further details on patching and updates, refer to the official Apache documentation and security advisories.