Unrated severity · CISA KEV · NVD Advisory · Published Sep 4, 2024 · Updated Oct 21, 2025
Apache OFBiz: Confused controller-view authorization logic (forced browsing)
CVE-2024-45195
Description
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
References
- ofbiz.apache.org/security.html (mitre, patch)
- lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy (mitre, vendor-advisory)
- issues.apache.org/jira/browse/OFBIZ-13130 (mitre, issue-tracking)
- ofbiz.apache.org/download.html (mitre, mitigation, product, release-notes)