Main Vulnerability Database Vulnerabilities #VU91168

Path traversal in OFBiz - CVE-2024-36104

Published: June 5, 2024

Vulnerability identifier: #VU91168

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-36104

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
OFBiz

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Successful exploitation of the vulnerability may allows an attacker to execute arbitrary code.

Remediation

Install update from vendor's website.

External links

https://issues.apache.org/jira/browse/OFBIZ-13092
https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o

Path traversal in OFBiz - CVE-2024-36104

Description

Remediation

External links

Please verify you're human