Published: 29/02/2024 Updated: 12/03/2024

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 0

This vulnerability allows remote malicious users to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createRegister method. The issue results from outputting an error message that includes sensitive information. An attacker can leverage this vulnerability to disclose the names of internal paths used by the system.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache ofbiz

oss-sec mailing list archives   By Date By Thread </form>    CVE-2024-23946: Apache OFBiz: Path traversal or file inclusion   From: Ja ...

CWE-22 CWE-434 https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html https://ofbiz.apache.org/release-notes-18.12.12.html https://issues.apache.org/jira/browse/OFBIZ-12884 https://lists.apache.org/thread/w4lp5ncpzttf41hn5bsc04mzq4o6lw3g http://www.openwall.com/lists/oss-security/2024/02/28/9 https://nvd.nist.gov https://seclists.org/oss-sec/2024/q1/176 https://www.zerodayinitiative.com/advisories/ZDI-24-183/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-23946

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect