Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-36104

CWE-22: Path Traversal (7 documents, 7 sources)
Severity: 9.1 CRITICAL
EPSS: 92.9% (top 0.23%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jun 4, latest update Jun 12

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.
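The weakness class behind this CVE, shown in general terms as an added example (this is not OFBiz code and does not reproduce the request used against OFBiz; the document root `BASE`, the function names and the servlet-style `;param` handling are assumptions made for illustration). It contrasts the substring filter that CWE-22 bugs typically get past with a check that canonicalizes the request the way the server will resolve it and then confines the result to the document root:

```python
"""CWE-22 illustration: a bypassable filter next to a confinement check.

Added example; not Apache OFBiz code.  BASE is a hypothetical document root.
"""
from typing import Optional
from urllib.parse import unquote
import posixpath

BASE = "/srv/app/webapp/static"  # assumption: hypothetical document root


def naive_is_safe(user_path: str) -> bool:
    """The kind of check CWE-22 bugs rely on: a literal substring filter
    applied to the raw, still-encoded request path."""
    return "../" not in user_path


def resolve_confined(base: str, user_path: str) -> Optional[str]:
    """Canonicalize the request the way the server will actually open it,
    then require the result to stay under `base`.

    Returns the absolute path, or None when the request escapes the root
    or is too ambiguous (double-encoded, NUL byte) to trust.
    """
    base = posixpath.normpath(base)
    decoded = unquote(user_path)
    if "\x00" in decoded:
        # A NUL can truncate the path at a lower layer; refuse outright.
        return None
    if unquote(decoded) != decoded:
        # Still encoded after one decode: refuse rather than decode again,
        # otherwise the check and the file open see different strings.
        return None
    # Assumption: the serving layer discards ';param' path parameters per
    # segment (servlet-container behaviour), so strip them here too so the
    # check sees the same form the file open will use.
    segments = [seg.split(";", 1)[0] for seg in decoded.split("/")]
    rel = "/".join(segments).lstrip("/")
    resolved = posixpath.normpath(posixpath.join(base, rel))
    # Accept the root itself or anything strictly below it; the trailing
    # separator stops "/srv/app/webapp/static2" from passing as a prefix.
    if resolved != base and not resolved.startswith(base + "/"):
        return None
    return resolved


if __name__ == "__main__":
    # Constructed request paths, not captured traffic.
    samples = [
        "css/site.css",
        "css/../site.css",
        "../../../etc/passwd",
        "..%2f..%2f..%2fetc/passwd",
        "..;/..;/..;/etc/passwd",
        "%252e%252e/%252e%252e/etc/passwd",
        "a%00.txt",
    ]
    for s in samples:
        print(f"{s!r:40} naive_is_safe={naive_is_safe(s)!s:5} "
              f"resolved={resolve_confined(BASE, s)}")
```

Note that `..%2f` passes the substring filter because the filter runs before decoding, while the confinement check rejects it; a normal `css/../site.css` is still served, because the check is on where the path ends up, not on whether it contains `..`.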

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 | Impact: 5.2

Affected Packages (2 packages)

NVD: apache/ofbiz < 18.12.14

🔴 Vulnerability Details (3)

CVEList: Apache OFBiz: Path traversal leading to a RCE (2024-06-04)
GHSA: GHSA-77m3-6865-xvqj: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz (2024-06-04)
VulnCheck: Apache OFBiz Improper Restricted Pathname Limitation Vulnerability (2024)

💥 Exploits & PoCs (1)

Nuclei: Apache OFBiz - Directory Traversal & Remote Code Execution

🔍 Detection Rules (1)

Suricata: ET WEB_SPECIFIC_APPS Apache OFBiz Directory Traversal Remote Code Execution Attempt (CVE-2024-36104) (2024-06-12)

📋 Vendor Advisories (1)

Apache: Apache ofbiz: CVE-2024-36104
CVE-2024-36104 (CRITICAL CVSS 9.1) | Improper Limitation of a Pathname t | cvebase.io