CVE-2024-45195 (GCVE-0-2024-45195)

Vulnerability from cvelistv5 – Published: 2024-09-04 08:08 – Updated: 2025-10-21 22:55
VLAI? CISA KEV
Title
Apache OFBiz: Confused controller-view authorization logic (forced browsing)
Summary
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Severity ?
No CVSS data available.
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache OFBiz Affected: 0 , < 18.12.16 (custom)
Create a notification for this product.
Credits
shin24 from National Cyber Security Vietnam LuanPV from National Cyber Security Vietnam Ryan Emmons, Lead Security Researcher at Rapid7 Hasib Vhora, Senior Threat Researcher, SonicWall Xenc from SGLAB of Legendsec at Qi'anxin Group
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: fe763d87-d33e-472f-9eb3-7963cdd06033

Vulnerability ID: CVE-2024-45195

Status: Confirmed

Status Updated: 2025-02-04 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2025-02-04
Asserted: 2025-02-04
Scope
Notes: KEV entry: Apache OFBiz Forced Browsing Vulnerability | Affected: Apache / OFBiz | Description: Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://ofbiz.apache.org/security.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-45195
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-425
Feed CISA Known Exploited Vulnerabilities Catalog
Product OFBiz
Due Date 2025-02-25
Date Added 2025-02-04
Vendorproject Apache
Vulnerabilityname Apache OFBiz Forced Browsing Vulnerability
Knownransomwarecampaignuse Unknown
References
Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-04T09:03:00.547Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/09/03/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ofbiz",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "18.12.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45195",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T15:46:50.643589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-02-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:46.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-02-04T00:00:00.000Z",
            "value": "CVE-2024-45195 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache OFBiz",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "18.12.16",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "shin24 from National Cyber Security Vietnam"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "LuanPV from National Cyber Security Vietnam"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Ryan Emmons, Lead Security Researcher at Rapid7"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Hasib Vhora, Senior Threat Researcher, SonicWall"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Xenc from SGLAB of Legendsec at Qi\u0027anxin Group"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDirect Request (\u0027Forced Browsing\u0027) vulnerability in Apache OFBiz.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OFBiz: before 18.12.16.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 18.12.16, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Direct Request (\u0027Forced Browsing\u0027) vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.16.\n\nUsers are recommended to upgrade to version 18.12.16, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-04T08:08:59.201Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "mitigation",
            "product",
            "release-notes"
          ],
          "url": "https://ofbiz.apache.org/download.html"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://ofbiz.apache.org/security.html"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://issues.apache.org/jira/browse/OFBIZ-13130"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache OFBiz: Confused controller-view authorization logic (forced browsing)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-45195",
    "datePublished": "2024-09-04T08:08:59.201Z",
    "dateReserved": "2024-08-22T15:19:27.892Z",
    "dateUpdated": "2025-10-21T22:55:46.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-45195",
      "cwes": "[\"CWE-425\"]",
      "dateAdded": "2025-02-04",
      "dueDate": "2025-02-25",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://ofbiz.apache.org/security.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-45195",
      "product": "OFBiz",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache OFBiz Forced Browsing Vulnerability"
    },
    "epss": {
      "cve": "CVE-2024-45195",
      "date": "2026-04-20",
      "epss": "0.94148",
      "percentile": "0.99916"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"18.12.16\", \"matchCriteriaId\": \"51868E3D-516B-4DF1-8889-161D53E47ACE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Direct Request (\u0027Forced Browsing\u0027) vulnerability in Apache OFBiz.\\n\\nThis issue affects Apache OFBiz: before 18.12.16.\\n\\nUsers are recommended to upgrade to version 18.12.16, which fixes the issue.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad Direct Request (\\\"Navegaci\\u00f3n forzada\\\") en Apache OFBiz. Este problema afecta a Apache OFBiz: anterior a la versi\\u00f3n 18.12.16. Se recomienda a los usuarios que actualicen a la versi\\u00f3n 18.12.16, que soluciona el problema.\"}]",
      "id": "CVE-2024-45195",
      "lastModified": "2024-11-21T09:37:28.073",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-09-04T09:15:04.397",
      "references": "[{\"url\": \"https://issues.apache.org/jira/browse/OFBIZ-13130\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://ofbiz.apache.org/download.html\", \"source\": \"security@apache.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://ofbiz.apache.org/security.html\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/09/03/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-425\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45195\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-09-04T09:15:04.397\",\"lastModified\":\"2025-10-23T14:49:13.317\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Direct Request (\u0027Forced Browsing\u0027) vulnerability in Apache OFBiz.\\n\\nThis issue affects Apache OFBiz: before 18.12.16.\\n\\nUsers are recommended to upgrade to version 18.12.16, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad Direct Request (\\\"Navegaci\u00f3n forzada\\\") en Apache OFBiz. Este problema afecta a Apache OFBiz: anterior a la versi\u00f3n 18.12.16. Se recomienda a los usuarios que actualicen a la versi\u00f3n 18.12.16, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-02-04\",\"cisaActionDue\":\"2025-02-25\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Apache OFBiz Forced Browsing Vulnerability\",\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-425\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.12.16\",\"matchCriteriaId\":\"51868E3D-516B-4DF1-8889-161D53E47ACE\"}]}]}],\"references\":[{\"url\":\"https://issues.apache.org/jira/browse/OFBIZ-13130\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://ofbiz.apache.org/download.html\",\"source\":\"security@apache.org\",\"tags\":[\"Product\"]},{\"url\":\"https://ofbiz.apache.org/security.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/09/03/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/09/03/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-04T09:03:00.547Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45195\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T15:46:50.643589Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-02-04\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"ofbiz\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.12.16\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-02-04T00:00:00.000Z\", \"value\": \"CVE-2024-45195 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-45195\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-04T15:17:41.720Z\"}}], \"cna\": {\"title\": \"Apache OFBiz: Confused controller-view authorization logic (forced browsing)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"shin24 from National Cyber Security Vietnam\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"LuanPV from National Cyber Security Vietnam\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ryan Emmons, Lead Security Researcher at Rapid7\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Hasib Vhora, Senior Threat Researcher, SonicWall\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Xenc from SGLAB of Legendsec at Qi\u0027anxin Group\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache OFBiz\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.12.16\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://ofbiz.apache.org/download.html\", \"tags\": [\"mitigation\", \"product\", \"release-notes\"]}, {\"url\": \"https://ofbiz.apache.org/security.html\", \"tags\": [\"patch\"]}, {\"url\": \"https://issues.apache.org/jira/browse/OFBIZ-13130\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Direct Request (\u0027Forced Browsing\u0027) vulnerability in Apache OFBiz.\\n\\nThis issue affects Apache OFBiz: before 18.12.16.\\n\\nUsers are recommended to upgrade to version 18.12.16, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDirect Request (\u0027Forced Browsing\u0027) vulnerability in Apache OFBiz.\u003c/p\u003e\u003cp\u003eThis issue affects Apache OFBiz: before 18.12.16.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 18.12.16, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-425\", \"description\": \"CWE-425 Direct Request (\u0027Forced Browsing\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-09-04T08:08:59.201Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45195\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:46.145Z\", \"dateReserved\": \"2024-08-22T15:19:27.892Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-09-04T08:08:59.201Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.