PT-2024-1832 · Apache · Apache OFBiz
Arun Shaji · Published 2024-01-17 · Updated 2024-09-17
CVE-2024-23946
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache OFBiz versions prior to 18.12.12
Description
The issue is a path traversal in Apache OFBiz that allows file inclusion. A remote attacker may use it to disclose sensitive information from affected Apache OFBiz installations. No authentication is required to exploit this vulnerability.
Recommendations
For versions prior to 18.12.12, upgrade to version 18.12.12 to fix the issue. Until the upgrade is applied, restrict access to sensitive files and directories as a temporary workaround to reduce the risk of exploitation.
Generation of Error Message Containing Sensitive Information
Path traversal
Information Disclosure
Unrestricted File Upload
Affected Products
Apache OFBiz