CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing)

Vendor: Apache Software Foundation
Product: Apache OFBiz
Weakness: CWE-425 (Forced browsing)
Published: September 4, 2024
Last update: October 21, 2025

What the vulnerability does

Description

Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz versions before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

Key dates

Disclosure timeline

September 4, 2024: CVE published
October 21, 2025: Record updated