August 29, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Mozilla Firefox Vulnerabilities
September 5, 2024
Novel Cross-Platform Malware KTLVdoor Targeting Chinese Trade Company – Active IOCs
September 5, 2024
Multiple Mozilla Firefox Vulnerabilities
September 5, 2024
Novel Cross-Platform Malware KTLVdoor Targeting Chinese Trade Company – Active IOCs
September 5, 2024
Severity
High
Analysis Summary
CVE-2024-45507 CVSS:9.8
Apache OFBiz could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or conduct SSRF attacks.
CVE-2024-45195 CVSS:7.5
Apache OFBiz could allow a remote attacker to obtain sensitive information, caused by a forced browsing flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-45507
- CVE-2024-45195
Affected Vendors
Apache
Affected Products
- Apache OFBiz 18.12.15
Remediation
Upgrade to the latest version of Apache OFBiz, available from the Apache Website.