CVERadar

CVE-2024-45195

Severity: Critical
Vendor: Apache
SVRS: 71/100
CVSSv3: 7.5/10
EPSS: 0.9413/1

CVE-2024-45195 is a Direct Request ('Forced Browsing') vulnerability in Apache OFBiz, allowing unauthorized access. This Apache OFBiz vulnerability affects versions prior to 18.12.16 and could allow attackers to bypass intended access controls. While the CVSS score is 7.5, the SOCRadar Vulnerability Risk Score (SVRS) of 71 indicates a significant risk level, nearing critical. Although not in the critical range (>80), the presence of active exploits and the CISA KEV tag indicates the potential for exploitation is high. Users should upgrade to version 18.12.16 immediately to mitigate this threat. This vulnerability's significance is amplified by its presence "In The Wild" and the availability of exploits, increasing the likelihood of it being targeted. Immediate patching is strongly advised.

Tags: In The Wild, Mitigation, Release-notes, Vendor-advisory, Product, Patch, Issue-tracking, CISA KEV, Exploit Available
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2024-09-04

2025-03-06
SOCRadar
AI Insight

Description

CVE-2024-45195 is a Direct Request ('Forced Browsing') vulnerability in Apache OFBiz, affecting versions prior to 18.12.16. This vulnerability allows an attacker to force a user to browse to a specific URL, potentially leading to phishing attacks or malware distribution. The SVRS score of 73 indicates a high severity, highlighting the urgency of addressing this threat.

Key Insights

  • Exploitation in the Wild: This vulnerability is actively exploited by hackers, making it crucial for organizations to take immediate action.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, emphasizing the need for immediate mitigation measures.
  • Threat Actors: Specific threat actors or APT groups actively exploiting this vulnerability have not been identified.
  • Impact: This vulnerability can lead to phishing attacks, malware distribution, and other malicious activities, posing a significant risk to organizations and individuals.

Mitigation Strategies

  • Upgrade to the Latest Version: Upgrade to Apache OFBiz version 18.12.16 or later to address this vulnerability.
  • Implement Web Application Firewall (WAF): Deploy a WAF to block malicious requests and protect against forced browsing attacks.
  • Enable Content Security Policy (CSP): Configure CSP to restrict the loading of external resources and prevent phishing attempts.
  • Educate Users: Train users to be aware of phishing scams and to avoid clicking on suspicious links or opening attachments from unknown sources.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

Type  Indicator        Date
IP    103.140.62.43    2025-01-22
IP    146.190.133.67   2025-01-22
IP    162.240.110.250  2025-01-22

Exploits

Title                                        Software Link                                  Date
Apache OFBiz Forced Browsing Vulnerability   https://www.cisa.gov/search?g=CVE-2024-45195   2025-02-04

News

ISC StormCast for Friday, September 6th, 2024
Dr. Johannes B. Ullrich, 2024-09-06, sans.edu
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Enriching Logs; Veeam Update; More OFBiz Issues; Cisco License Manager Patches; Enrichment Data: Keeping it Fresh https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236 Veeam Update https://www.veeam.com/kb4649 New OFBiz Vulnerabilities https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/ Cisco Smart License Manager Patches https://sec.cloudapps.cisco.com

U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini, 2025-02-05, securityaffairs.co
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In September 2024, Apache fixed a high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5) […]

CISA Adds Apache, Microsoft Vulnerabilities to Its Database that Are Actively Exploited in the Wild
Balaji N, 2025-02-05, cybersecuritynews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding several newly identified vulnerabilities to its authoritative list of security flaws exploited in the wild. Developed to assist cybersecurity professionals in prioritizing vulnerability management, the KEV catalog serves as a critical resource for organizations aiming to […]

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
The Hacker News, 2025-02-05, feedburner.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized

CVE-2024-45195 | Apache OFBiz up to 18.12.15 Controller View direct request
vuldb.com, 2025-02-04
A vulnerability classified as problematic has been found in Apache OFBiz up to 18.12.15. Affected is an unknown function of the component Controller View. The manipulation leads to direct request. This vulnerability is traded as CVE-2024-45195. Access to the local network is required for this attack to succeed. Furthermore, there

CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA, 2025-02-04, cisa.gov
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability CVE

9th September – Threat Intelligence Report
lorenf, 2024-11-01, checkpoint.com
For the latest discoveries in cyber research for the week of 9th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The German air traffic control agency, Deutsche Flugsicherung, has confirmed a cyberattack that impacted its administrative IT infrastructure. The extent of data accessed is still under investigation, and flight operations remained unaffected. […]

Social Media

Actively exploited CVE : CVE-2024-45195

#DOYOUKNOWCVE CISA ALERT! CISA Adds 4 New Exploited Vulnerabilities to KEV Catalog: Key Insights on CVE Type, Affected Products, Mitigation and Impact 🔹 CVE-2024-45195 – Forced Browsing Vulnerability in Apache OFBiz 🔹 CVE-2024-29059 – Information Disclosure Vulnerability in https://t.co/KtILRGI3QD

Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-45195 #Apache #OFBiz Forced Browsing Vulnerability https://t.co/51tXEQuIkc

CISA adds four actively exploited vulnerabilities to the KEV catalog. The list of vulnerabilities is as follows: CVE-2024-45195 (CVSS: 7.5/9.8), CVE-2024-29059 (CVSS: 7.5), CVE-2018-9276 (CVSS: 7.2) and CVE-2018-19410 (CVSS: 9.8). #cybersecurity https://t.co/auOVJDqTtm

🚨 CISA adds 4 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog! 🚨 🔹 Apache OFBiz (CVE-2024-45195) 🔹 Microsoft .NET Framework (CVE-2024-29059) 🔹 Paessler PRTG Network Monitor (CVE-2018-9276, CVE-2018-19410) #CyberSecurity #CISA #PatchNow #Infosec

CVE-2024-38856 and CVE-2024-45195 – Apache OFBiz Security Vulnerabilities – August 2024: Critical Security Vulnerabilities (CVE-2024-38856 and CVE-2024-45195) in Apache OFBiz Expose Enterprise Systems to Potential Data Breaches and Disruption of Critical… https://t.co/nzva594HXj https://t.co/J8qS2bT2zS

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) | #HelpNetSecurity #CyberSecurity https://t.co/23KHVVHFOm

Since the disclosure of CVE-2024-45195, Imperva has detected over 25,000 requests targeting 4,000 unique sites. Read this blog for an analysis and to learn how Imperva protects customers from the critical #vulnerability: https://t.co/ZAZz2tHVAv https://t.co/2euiYpevD0

Apache OFBiz has patched critical vulnerabilities, including RCE (CVE-2024-45195) and SSRF (CVE-2024-45507), enhancing system security. Read More At: https://t.co/IGhg7oPPW3 #Foresiet #DarkWeb #Cybersecurity #Privacy #Infosec #DataBreach https://t.co/KDPjs8m9yB

Affected Software

Configuration 1
Type  Vendor  Product
App   Apache  ofbiz

References

Reference                               Link
[email protected]                       https://issues.apache.org/jira/browse/OFBIZ-13130
[email protected]                       https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy
[email protected]                       https://ofbiz.apache.org/download.html
[email protected]                       https://ofbiz.apache.org/security.html
AF854A3A-2127-422B-91AE-364DA2661108    http://www.openwall.com/lists/oss-security/2024/09/03/6

CWE Details

CWE ID   CWE Name                             Description
CWE-425  Direct Request ('Forced Browsing')   The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
