VYPR
Unrated severityCISA KEVNVD Advisory· Published Sep 4, 2024· Updated Oct 21, 2025

Apache OFBiz: Confused controller-view authorization logic (forced browsing)

CVE-2024-45195

Description

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 18.12.16.

Users are recommended to upgrade to version 18.12.16, which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Apache/Ofbizllm-fuzzy2 versions
    <18.12.16+ 1 more
    • (no CPE)range: <18.12.16
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.