PT-2024-4426 · Apache · Apache Ofbiz

Godspeed +1 · Published 2024-05-15 · Updated 2025-07-01 · CVE-2024-36104

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache OFBiz versions prior to 18.12.14

Description

Apache OFBiz is affected by an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code, potentially leading to full system compromise. Approximately 841 devices may be affected.

Recommendations

Upgrade to version 18.12.14, which fixes the issue. As a temporary workaround, consider restricting access to vulnerable directories until a patch is applied.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

BDU:2024-04928
CVE-2024-36104

Affected Products

Apache Ofbiz