WEB APPLICATION VULNERABILITIES Standard & Premium

Apache OFBiz SSRF (CVE-2024-45507)

Description

OFBiz allows an unauthenticated attacker to send arbitrary requests to perform lookups on the internal network, which is otherwise inaccessible externally. This feature can be exploited to perform SSRF (Server-Side Request Forgery) attacks, potentially leading to Remote Code Execution (RCE) on the server

Remediation

Upgrade to the latest version of OFBiz

References

Apache OFBiz 18.12.16 released

[CVE-2024-45507] Add validation to screen/script URI to block URL patterns

Related Vulnerabilities

MySQL CVE-2022-21327 Vulnerability (CVE-2022-21327)

Squid Improper Input Validation Vulnerability (CVE-2013-4123)

PHP Release of Invalid Pointer or Reference Vulnerability (CVE-2022-31625)

MySQL CVE-2017-3647 Vulnerability (CVE-2017-3647)

PostgreSQL Numeric Errors Vulnerability (CVE-2007-6067)

Severity

Critical

Classification

CVE-2024-45507 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Acumonitor SSRF Known Vulnerabilities