CVE-2024-48962

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 18, 2024
Updated: Nov 21, 2024
CWE ID 94
CWE ID 352
CWE ID 1336

Summary

CVE-2024-48962 affects Apache OFBiz versions before 18.12.17. The issue involves improper control of code generation, leading to code injection and cross-site request forgery (CSRF). An attacker can exploit the flaw in a template engine to execute arbitrary code or perform unintended actions on behalf of users. To mitigate this risk, it is strongly recommended that users upgrade to Apache OFBiz version 18.12.17, which includes the necessary fixes.

Affected Products

  • Apache OFBiz

Affected Vendors

  • Apache Software Foundation