Loading…

Cookies and privacy

We use strictly necessary cookies to run the site. With your permission we also load Vercel Web Analytics and Speed Insights to measure traffic and performance in aggregate. See our Cookie Policy and Privacy Policy.

CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability · Scorifya

CVE detail

CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability

Source: CISA Known Exploited Vulnerabilities catalog · back to feed

Vendor / product

Apache · OFBiz

Date added (KEV): Feb 04, 2025
CISA due date: Feb 25, 2025
Ransomware campaign use: Unknown

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vendor fix: Vendor advisory

Scorifya interpretation

AI-generated

A short, structured read of the record above — generated when this page first loads, then cached for a week.

Plain English

Technical detail

From CISA

Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://ofbiz.apache.org/security.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-45195

References

https://issues.apache.org/jira/browse/OFBIZ-13130Issue TrackingVendor Advisory
https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wyVendor Advisory
https://ofbiz.apache.org/security.htmlVendor Advisory
https://ofbiz.apache.org/download.htmlProduct
http://www.openwall.com/lists/oss-security/2024/09/03/6Mailing List
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195

Other recent CVEs from Apache

CVE-2026-34197ActiveMQ — Apache ActiveMQ Improper Input Validation Vulnerability
CVE-2024-38475HTTP Server — Apache HTTP Server Improper Escaping of Output Vulnerability
CVE-2025-24813Tomcat — Apache Tomcat Path Equivalence Vulnerability
CVE-2024-27348HugeGraph-Server — Apache HugeGraph-Server Improper Access Control Vulnerability
CVE-2024-38856OFBiz — Apache OFBiz Incorrect Authorization Vulnerability

Check your domain's public posture

Scorifya doesn't test for specific CVEs, but if patching Apache changed your headers or TLS, a fresh hardening scan helps confirm nothing regressed externally.

Run a free scan Methodology