PT-2024-5989 · Apache · Apache Ofbiz

Hasib Vhora +4 · Published 2024-08-14 · Updated 2026-03-31 · CVE-2024-45195

CVSS v2.0: 10.0 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.16
Description: A Direct Request ('Forced Browsing') vulnerability in Apache OFBiz lets an unauthenticated, remote attacker execute arbitrary code on vulnerable Linux and Windows servers. The flaw has been actively exploited in the wild: Imperva reported detecting over 25,000 exploitation requests aimed at 4,000 unique sites.
Recommendations: Apache OFBiz versions prior to 18.12.16: upgrade to version 18.12.16 (or later). Until the upgrade can be applied, restrict access to the vulnerable modules or functions (for example, to trusted networks only) as a temporary workaround; this reduces exposure but does not remove the flaw.
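One way to apply the affected-version statement above across a fleet, as an added example (not code from this page or from the Apache OFBiz project): a small Python triage helper that parses version banners and flags every install older than 18.12.16. The host names, the banner strings and the treatment of SNAPSHOT/RC builds of 18.12.16 as pre-fix are assumptions made for the illustration.

```python
"""Inventory triage for CVE-2024-45195: flag OFBiz installs older than 18.12.16."""
import re

# Fixed release taken from the advisory above; everything earlier is affected.
FIXED_VERSION = "18.12.16"

# A release number with at least two dotted components, anywhere in a banner.
_RELEASE_RE = re.compile(r"(\d+(?:\.\d+)+)")
# Suffixes that mark a build made before the final release it is named after
# (assumption: such builds do not carry the fix).
_PRERELEASE_RE = re.compile(r"^[-.]?(snapshot|rc\d*|alpha|beta|m\d+)", re.IGNORECASE)


def parse_version(text):
    """Extract (release_tuple, is_prerelease) from a version or banner string.

    Returns None when no release number can be found, so callers can route
    the host to manual review instead of silently treating it as patched.
    """
    match = _RELEASE_RE.search(text)
    if match is None:
        return None
    release = tuple(int(part) for part in match.group(1).split("."))
    is_prerelease = _PRERELEASE_RE.match(text[match.end():]) is not None
    return release, is_prerelease


def is_affected(version_text):
    """True if prior to 18.12.16, False if patched, None if the version is unknown.

    Python compares tuples element by element, so (18, 12, 9) < (18, 12, 16),
    and a short form such as "18.12" sorts before 18.12.16 and is conservatively
    flagged as affected. A pre-release build of 18.12.16 itself is also flagged.
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return None
    release, is_prerelease = parsed
    fixed_release, _ = parse_version(FIXED_VERSION)
    if release < fixed_release:
        return True
    if release == fixed_release and is_prerelease:
        return True
    return False


def triage(inventory):
    """Group hosts by status; inventory maps host name -> version/banner string."""
    report = {"affected": [], "patched": [], "unknown": []}
    for host, banner in inventory.items():
        status = is_affected(banner)
        bucket = "unknown" if status is None else ("affected" if status else "patched")
        report[bucket].append(host)
    return report


# Constructed sample inventory for demonstration; host names and banners are made up.
SAMPLE_INVENTORY = {
    "erp-01.example.internal": "Apache OFBiz 18.12.15",
    "erp-02.example.internal": "Apache OFBiz 18.12.16",
    "erp-03.example.internal": "Apache OFBiz 17.12.05",
    "erp-04.example.internal": "Apache OFBiz 18.12.16-SNAPSHOT",
    "erp-05.example.internal": "18.12.17",
    "erp-06.example.internal": "banner unavailable",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts that land in "unknown" should be checked by hand rather than assumed patched; the helper deliberately refuses to guess when no release number is present.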

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-06798
CVE-2024-45195

Affected Products

Apache Ofbiz