CVE-2024-48962
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Nov 18, 2024
Updated: Nov 21, 2024
CWE ID 94
CWE ID 352
CWE ID 1336
Summary
CVE-2024-48962 is a vulnerability affecting Apache OFBiz versions before 18.12.17. The issue is improper control of code generation in a template engine, which leads to Code Injection and Cross-Site Request Forgery (CSRF) attacks. Malicious actors can exploit it to execute arbitrary code or perform unintended actions on behalf of users. To mitigate this risk, it is strongly recommended that users upgrade to Apache OFBiz version 18.12.17, which includes the necessary fixes.
Affected Products
- Apache OFBiz
Affected Vendors
- Apache Software Foundation