CVE-2024-36104 – Apache OFBiz: Path traversal leading to a RCE
https://notcve.org/view.php?id=CVE-2024-36104
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.
• https://github.com/ggfzx/CVE-2024-36104
• http://www.openwall.com/lists/oss-security/2024/06/03/1
• https://issues.apache.org/jira/browse/OFBIZ-13092
• https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o
• https://ofbiz.apache.org/download.html
• https://ofbiz.apache.org/security.html
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-32113 – Apache OFBiz Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.
• https://www.exploit-db.com/exploits/52020
• https://github.com/Mr-xn/CVE-2024-32113
• https://github.com/RacerZ-fighting/CVE-2024-32113-POC
• https://github.com/YongYe-Security/CVE-2024-32113
• http://www.openwall.com/lists/oss-security/2024/05/09/1
• https://issues.apache.org/jira/browse/OFBIZ-13006
• https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
• https://ofbiz.apache.org/download.html
• https://ofbiz.apache.org/security.html
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-25065 – Apache OFBiz: Path traversal allowing authentication bypass.
https://notcve.org/view.php?id=CVE-2024-25065
Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, which fixes the issue.
• http://www.openwall.com/lists/oss-security/2024/02/28/10
• https://issues.apache.org/jira/browse/OFBIZ-12887
• https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc
• https://ofbiz.apache.org/download.html
• https://ofbiz.apache.org/release-notes-18.12.12.html
• https://ofbiz.apache.org/security.html
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')