← back
CVE-2024-23946

Apache OFBiz: Path traversal or file inclusion

CVSS 5.3 MEDIUMEPSS 3.1%CWE-22CWE-434
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 3.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
28 Feb 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Apache Software Foundation · Apache OFBiz

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://issues.apache.org/jira/browse/OFBIZ-12884https://lists.apache.org/thread/w4lp5ncpzttf41hn5bsc04mzq4o6lw3ghttps://ofbiz.apache.org/download.htmlhttps://ofbiz.apache.org/release-notes-18.12.12.htmlhttps://ofbiz.apache.org/security.htmlhttp://www.openwall.com/lists/oss-security/2024/02/28/9