Unrated severity · CISA KEV · NVD Advisory · Published Sep 4, 2024 · Updated Oct 21, 2025
Apache OFBiz: Confused controller-view authorization logic (forced browsing)
CVE-2024-45195
Description
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Affected products
- Apache Software Foundation/Apache OFBiz · v5 · Range: 0
References
- ofbiz.apache.org/security.html · mitre · patch
- lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy · mitre · vendor-advisory
- issues.apache.org/jira/browse/OFBIZ-13130 · mitre · issue-tracking
- ofbiz.apache.org/download.html · mitre · mitigation · product · release-notes