CVE-2024-45507

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 94
CWE ID 918

Summary

CVE-2024-45507 is a Server-Side Request Forgery (SSRF) vulnerability with code injection capabilities affecting Apache OFBiz versions prior to 18.12.16. Organizations using the affected versions are at risk of high confidentiality and integrity impacts, as the vulnerability allows unauthorized users to execute potentially harmful requests over the network. Remediation involves upgrading to version 18.12.16, which addresses this security flaw. The vulnerability has an exploitability score of 2.8 and a base severity rating of high, indicating that it can be exploited without requiring elevated privileges but necessitates user interaction. For further details on patching and updates, users can refer to the official Apache documentation and security advisories.
