Apache OFBiz Product Security Update Advisory (CVE-2024-45195, CVE-2024-45507)

Sep 09 2024

Overview

An update has been released to address vulnerabilities in Apache OFBiz Products. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-45195, CVE-2024-45507

Apache OFBiz versions: ~ 18.12.16 (excluded)

Resolved Vulnerabilities

Direct Request (‘Force Browsing’) Vulnerability in Apache OFBiz (CVE-2024-45195)

Improper Control of Code Generation (“Code Injection”) Vulnerability in Apache OFBiz (CVE-2024-45507)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available with the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-45195, CVE-2024-45507

Apache OFBiz version: 18.12.16

References

[1] CVE-2024-45195 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45195

[2] CVE-2024-45507 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-45507

[2] APACHE OFBiz /download

https://ofbiz.apache.org/download.html

Apache OFBiz Product Security Update Advisory (CVE-2024-45195, CVE-2024-45507)

Cisco Products September 2024 First Security Update Advisory

IBM Product Security Update Advisory

Tags:

Cisco Products September 2024 First Security Update Advisory

IBM Product Security Update Advisory