vulnerability

Apache OFBiz: CVE-2024-38856: Incorrect Authorization vulnerability.

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Aug 5, 2024	Dec 23, 2024	Dec 23, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Aug 5, 2024

Added

Dec 23, 2024

Modified

Dec 23, 2024

Description

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).

Solution

apache-ofbiz-upgrade-latest

References

CVE-2024-38856
https://attackerkb.com/topics/CVE-2024-38856

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today