
Arun Shaji

#48199 of 53,633
5.3 Total CVSS
Vulnerabilities · 1
PT-2024-1832
5.3
2024-01-17
Apache · Apache Ofbiz · CVE-2024-23946
**Name of the Vulnerable Software and Affected Versions**
Apache OFBiz versions prior to 18.12.12

**Description**
The issue concerns a possible path traversal in Apache OFBiz, allowing file inclusion. This vulnerability may enable remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability.

**Recommendations**
For versions prior to 18.12.12, upgrade to version 18.12.12 to fix the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.