cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-47208,https://securityvulnerability.io/vulnerability/CVE-2024-47208,SSRF and Code Injection Vulnerability in Apache OFBiz (before 18.12.17),"Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.",Apache,Apache Ofbiz,,,0.0006200000061653554,false,false,false,false,,false,false,2024-11-18T08:43:17.743Z,0
CVE-2024-48962,https://securityvulnerability.io/vulnerability/CVE-2024-48962,Injection and CSRF Vulnerability in Apache OFBiz Prior to 18.12.17,"Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.",Apache,Apache Ofbiz,,,0.00044999999227002263,false,false,false,false,,false,false,2024-11-18T08:41:30.545Z,0
CVE-2024-45195,https://securityvulnerability.io/vulnerability/CVE-2024-45195,Apache OFBiz vulnerable to 'Forced Browsing' (Direct Request) attack,"The vulnerability CVE-2024-45195 affects Apache OFBiz versions before 18.12.16, allowing attackers to execute arbitrary code on the server without valid credentials. This vulnerability poses a severe risk to organizations relying on OFBiz, including potential data theft, disruption of operations, and lateral movement and persistence within the network. Apache has released a patch in version 18.12.16 to address this vulnerability, along with three other related vulnerabilities. Previous vulnerabilities in Apache OFBiz have been actively exploited, making it crucial for organizations to promptly implement the patch to safeguard their critical data and mitigate their attack surface.",Apache,Apache Ofbiz,7.5,HIGH,0.030239999294281006,false,true,false,true,,false,false,2024-09-04T08:08:59.201Z,0
CVE-2024-45507,https://securityvulnerability.io/vulnerability/CVE-2024-45507,Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code (Code Injection) Vulnerability in Apache OFBiz,"A vulnerability has been identified in Apache OFBiz that allows for server-side request forgery (SSRF) due to improper handling of code generation. This flaw can enable an attacker to manipulate web requests from the server, potentially leading to unauthorized access or data exposure. The vulnerability affects Apache OFBiz versions prior to 18.12.16. It is highly recommended that users upgrade to version 18.12.16 or later to mitigate this issue. For detailed information, users can refer to the official patches and mitigation strategies provided by Apache.",Apache,Apache Ofbiz,9.8,CRITICAL,0.5005000233650208,false,false,false,false,,true,false,2024-09-04T08:08:33.876Z,3498
CVE-2024-38856,https://securityvulnerability.io/vulnerability/CVE-2024-38856,Incorrect Authorization Vulnerability Affects Apache OFBiz Through 18.12.14,"An incorrect authorization vulnerability exists in Apache OFBiz that affects versions up to 18.12.14. This issue permits unauthenticated endpoints to execute screen rendering code if certain preconditions are met, particularly when the screen definitions lack explicit checks for user permissions due to reliance on endpoint configurations. Users are advised to upgrade to version 18.12.15 to mitigate the vulnerability and secure their systems.",Apache,Apache Ofbiz,9.8,CRITICAL,0.9450200200080872,true,true,true,true,true,true,true,2024-08-05T08:20:18.081Z,7151
CVE-2024-36104,https://securityvulnerability.io/vulnerability/CVE-2024-36104,Apache OFBiz vulnerable to Path Traversal attack,"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.",Apache,Apache Ofbiz,,,0.010599999688565731,false,true,false,true,,false,false,2024-06-04T07:25:07.746Z,0
CVE-2024-32113,https://securityvulnerability.io/vulnerability/CVE-2024-32113,Apache OFBiz Fixes Path Traversal Vulnerability,"The Apache OFBiz has a Path Traversal vulnerability, identified as CVE-2024-32113, that allows for arbitrary code execution. This vulnerability has been exploited, particularly by the Mirai Botnet, highlighting the urgency of upgrading to version 18.12.13 to fix the issue. Another critical vulnerability affects VMware eSXI hypervisors, allowing for authentication bypass and potential ransomware exploits. It is crucial to ensure that all eSXI hypervisors are patched and to use two-factor authentication to enhance security. Additionally, multiple flaws in Windows Security features, particularly Smart Screen and Smart App Control, have been reported, posing a risk of initial access with minimal user interaction. Teams are advised to carefully monitor and study downloads on their systems to mitigate this risk.",Apache,Apache Ofbiz,9.8,CRITICAL,0.9384499788284302,true,true,true,true,true,false,false,2024-05-08T14:50:07.272Z,0
CVE-2024-25065,https://securityvulnerability.io/vulnerability/CVE-2024-25065,Apache OFBiz Authentication Bypass Vulnerability,"Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue.",Apache,Apache Ofbiz,,,0.0004400000034365803,false,false,false,false,,false,false,2024-02-29T01:44:00.000Z,0
CVE-2024-23946,https://securityvulnerability.io/vulnerability/CVE-2024-23946,Apache OFBiz File Inclusion Vulnerability,"Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue.",Apache,Apache Ofbiz,5.3,MEDIUM,0.00949000008404255,false,false,false,false,,false,false,2024-02-29T01:44:00.000Z,0
CVE-2023-51467,https://securityvulnerability.io/vulnerability/CVE-2023-51467,Remote Code Execution Vulnerability in Apache Struts,"This vulnerability in Apache OFBiz enables attackers to bypass authentication mechanisms, resulting in unauthorized access to the system. Once authentication is circumvented, threats can execute arbitrary code remotely, posing a significant risk to the integrity and security of the affected systems. Organizations using Apache OFBiz are advised to apply available patches promptly and monitor for suspicious activity to mitigate potential risks associated with this vulnerability.",Apache,Apache Ofbiz,9.8,CRITICAL,0.6238399744033813,false,true,false,true,true,true,false,2023-12-26T15:15:00.000Z,0
CVE-2023-50968,https://securityvulnerability.io/vulnerability/CVE-2023-50968,Apache OFBiz: Arbitrary file properties reading and SSRF attack,"Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue.",Apache,Apache OFBiz,7.5,HIGH,0.5493500232696533,false,true,false,false,,false,false,2023-12-26T12:15:00.000Z,0
CVE-2023-49070,https://securityvulnerability.io/vulnerability/CVE-2023-49070,Pre-auth RCE in Apache Ofbiz Prior to 18.12.10 Due to XML-RPC No Longer Maintained,"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10",Apache,Apache Ofbiz,9.8,CRITICAL,0.8976799845695496,false,true,false,true,true,false,false,2023-12-05T08:15:00.000Z,0
CVE-2023-46819,https://securityvulnerability.io/vulnerability/CVE-2023-46819,Apache OFBiz: Execution of Solr plugin queries without authentication,"Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09",Apache,Apache Ofbiz,5.3,MEDIUM,0.0013000000035390258,false,false,false,false,,false,false,2023-11-07T11:15:00.000Z,0
CVE-2022-47501,https://securityvulnerability.io/vulnerability/CVE-2022-47501,Apache OFBiz: Arbitrary file reading vulnerability,"An arbitrary file reading vulnerability exists in Apache OFBiz when the Solr plugin is in use. This vulnerability allows attackers to exploit the system prior to authentication, potentially exposing sensitive files. It is essential for users of affected versions to upgrade to mitigate this risk effectively.",Apache,Apache Ofbiz,7.5,HIGH,0.057029999792575836,false,false,false,false,,false,false,2023-04-14T15:01:31.987Z,0
CVE-2022-29158,https://securityvulnerability.io/vulnerability/CVE-2022-29158,Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz,"Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599",Apache,Apache Ofbiz,7.5,HIGH,0.002420000033453107,false,false,false,false,,false,false,2022-09-02T07:10:20.000Z,0
CVE-2022-29063,https://securityvulnerability.io/vulnerability/CVE-2022-29063,Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz,"The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.",Apache,Apache Ofbiz,9.8,CRITICAL,0.005200000014156103,false,false,false,true,true,false,false,2022-09-02T07:10:19.000Z,0
CVE-2022-25813,https://securityvulnerability.io/vulnerability/CVE-2022-25813,Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz,"In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the ""Contact us"" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.",Apache,Apache Ofbiz,7.5,HIGH,0.001970000099390745,false,false,false,true,true,false,false,2022-09-02T07:10:18.000Z,0
CVE-2022-25371,https://securityvulnerability.io/vulnerability/CVE-2022-25371,Unauth Path Traversal with file corruption affecting the Birt plugin of Apache OFBiz,"Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.",Apache,Apache Ofbiz,9.8,CRITICAL,0.020880000665783882,false,false,false,false,,false,false,2022-09-02T07:10:17.000Z,0
CVE-2022-25370,https://securityvulnerability.io/vulnerability/CVE-2022-25370,Unauth Stored XSS vulnerability in the Birt plugin of Apache OFBiz,"Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.",Apache,Apache Ofbiz,5.4,MEDIUM,0.0010499999625608325,false,false,false,false,,false,false,2022-09-02T07:10:16.000Z,0
CVE-2021-37608,https://securityvulnerability.io/vulnerability/CVE-2021-37608,Arbitrary file upload vulnerability in OFBiz,"Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.",Apache,Apache Ofbiz,9.8,CRITICAL,0.012509999796748161,false,false,false,false,,false,false,2021-08-18T07:50:12.000Z,0
CVE-2021-30128,https://securityvulnerability.io/vulnerability/CVE-2021-30128,Unsafe deserialization in Apache OFBiz,Apache OFBiz has unsafe deserialization prior to 17.12.07 version,Apache,Apache Ofbiz,9.8,CRITICAL,0.5684199929237366,false,false,false,true,true,false,false,2021-04-27T19:50:14.000Z,0
CVE-2021-29200,https://securityvulnerability.io/vulnerability/CVE-2021-29200,RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI,"Apache OFBiz has unsafe deserialization prior to 17.12.07 version. An unauthenticated user can perform an RCE attack",Apache,Apache Ofbiz,9.8,CRITICAL,0.9462900161743164,false,false,false,true,true,false,false,2021-04-27T19:50:13.000Z,0
CVE-2021-26295,https://securityvulnerability.io/vulnerability/CVE-2021-26295,RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI,Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.,Apache,Apache Ofbiz,9.8,CRITICAL,0.9728699922561646,false,false,false,true,true,false,false,2021-03-22T12:00:18.000Z,0
CVE-2020-9496,https://securityvulnerability.io/vulnerability/CVE-2020-9496,,XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03,Apache,Apache Ofbiz,6.1,MEDIUM,0.9233999848365784,false,false,false,true,true,false,false,2020-07-15T15:39:31.000Z,0
CVE-2020-13923,https://securityvulnerability.io/vulnerability/CVE-2020-13923,,IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04,Apache,Apache Ofbiz,5.3,MEDIUM,0.005189999938011169,false,false,false,false,,false,false,2020-07-15T15:38:13.000Z,0