Exploitation Summary
CVE-2024-45195 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 4, 2025. EIP tracks 1 public exploit from researchers including wyyazjjl. A Nuclei detection template is also available.
Description
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Exploits (1)
Nuclei Templates (1)
Apache OFBiz - Remote Code Execution
HIGHby DhiyaneshDK
Shodan:
ofbiz.visitor= || http.html:"ofbiz"
FOFA:
app="apache_ofbiz" || body="ofbiz"
References (6)
Core 6
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195
Product mitigation
product
release-notes
https://ofbiz.apache.org/download.html
Vendor Advisory patch
https://ofbiz.apache.org/security.html
Issue Tracking, Vendor Advisory issue-tracking
https://issues.apache.org/jira/browse/OFBIZ-13130
Vendor Advisory vendor-advisory
https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy
Scores
CVSS v3
7.5
EPSS
0.9415
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2025-02-04
VulnCheck KEV
2024-09-11
ENISA EUVD
EUVD-2024-41762
CWE
CWE-425
Status
published
Products (1)
apache/ofbiz
< 18.12.16
Published
Sep 04, 2024
KEV Added
Feb 04, 2025
Tracked Since
Feb 18, 2026