CVE-2024-45195

Published Sep 4, 2024

Last updated 7 months ago

Overview

Description: Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Source: security@apache.org
NVD status: Analyzed
Products: ofbiz

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Apache OFBiz Forced Browsing Vulnerability
Exploit added on: Feb 4, 2025
Exploit action due: Feb 25, 2025
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

security@apache.org
CWE-425

Social media

Hype score
Not currently trending
  1. 🚨CVE-2024-45195: How "Forced Browsing" leads to Unauth RCE in Apache OFBiz. #CVE202445195 #CyberSecurity #CISA #Infosec #BugBounty #RCE #Pentesting #ApacheOFBiz https://t.co/0gBbxndcId

    @r0otk3r

    4 Mar 2026

    79 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    31 Mar 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    17 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    13 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    10 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Apache, CISA warning on the exploitation of a privilege escalation flaw in OFBiz. Critical OFBiz vulnerability – CVE-2024-45195. https://t.co/ua2LK8gIj2 #.Security Policy Bypass #.Patch #.Privilege Escalation #.Exploitation #.Flaw #CISA

    @NicolasCoolman

    10 Feb 2025

    28 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    9 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    9 Feb 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. #CISA added four #security flaws (CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, CVE-2018-19410) to its KEV) catalogue. #Cybersecurity #infosec https://t.co/zaPMURFpJE https://t.co/BE5HDzKk6O

    @twelvesec

    7 Feb 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    7 Feb 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. #DOYOUKNOWCVE CISA ALERT! CISA Adds 4 New Exploited Vulnerabilities to KEV Catalog: Key Insights on CVE Type, Affected Products, Mitigation and Impact 🔹 CVE-2024-45195 – Forced Browsing Vulnerability in Apache OFBiz 🔹 CVE-2024-29059 – Information Disclosure Vulnerability in… h

    @Loginsoft_Inc

    6 Feb 2025

    62 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    6 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. CISA adds four actively exploited vulnerabilities to the KEV catalog. The list of vulnerabilities is as follows: CVE-2024-45195 (CVSS: 7.5/9.8), CVE-2024-29059 (CVSS: 7.5), CVE-2018-9276 (CVSS: 7.2) and CVE-2018-19410 (CVSS: 9.8). #cybersecurity https://t.co/auOVJDqTtm

    @EHCGroup

    5 Feb 2025

    56 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Actively exploited CVE : CVE-2024-45195

    @transilienceai

    5 Feb 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. US CISA has added a vulnerability it has confirmed as exploited (#KEV) to its catalog. 🛡️No.1254 CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability ============= CVSS score: 9.8 (Base) / CISA-ADP CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Type: Direct Request (CWE-425 / CISA-ADP)… https://t.co/On9GBdw2jQ

    @piyokango

    5 Feb 2025

    4072 Impressions

    1 Retweet

    9 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. #Vulnerability #ApacheOFBiz Hackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released https://t.co/8j78f7lQ9j

    @Komodosec

    20 Oct 2024

    67 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations