🔴 CVE-2024-45195

CVE-2024-45195 is a Critical forced-browsing vulnerability in Apache OFBiz that lets an unauthenticated attacker reach protected application areas. Active exploitation is confirmed by its CISA KEV listing, and it affects enterprise ERP systems that are commonly deployed as internet-facing web applications.

Risk Level: HIGH_RISK
CVSS Score: 9.8
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-09-04

Added to CISA KEV: 2025-02-04 (153 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-45195 is a critical vulnerability affecting Apache OFBiz that functions as an authentication bypass and facilitates unauthenticated remote code execution (RCE) [1] [4].

Key Details
Vulnerability Type: Authentication Bypass (via "Forced Browsing" / Direct Request) leading to RCE [2] [5]
Affected Versions: Apache OFBiz versions prior to 18.12.16 [2]
Exploitation: Unauthenticated; network-accessible; no user interaction required [1]
Impact: Full Remote Code Execution (RCE) on both Linux and Windows systems [1]
Exploitation and Threat Landscape
  • Nature of the Flaw: CVE-2024-45195 is a patch-bypass vulnerability: it circumvents the security fixes previously implemented for earlier vulnerabilities, specifically CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856 [1].
  • Active Exploitation: Following its disclosure in September 2024, the vulnerability was actively exploited in the wild. The re-emergence of the underlying flaws (like CVE-2024-32113) through this bypass intensified exploitation risks, with threat actors using it to compromise systems and deploy malicious payloads [3].
  • Targeted Attacks/Ransomware: While specific ransomware campaign attribution varies, the nature of this vulnerability (unauthenticated RCE) makes it a high-value target for initial access brokers and groups looking to deploy various payloads, including ransomware, into enterprise environments.
Mitigation and Patch Status
  • Patch: The vulnerability is resolved in Apache OFBiz version 18.12.16 [2].
  • Recommendation: Organizations using Apache OFBiz must upgrade to version 18.12.16 or later immediately [2]. Users are also advised to consult CISA’s Known Exploited Vulnerabilities (KEV) catalog for ongoing guidance regarding this and related OFBiz vulnerabilities [2].

Sources

  1. CVE-2024-45195: Apache OFBiz Unauthenticated RCE (Fixed)

    Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit ... Exploitation is facilitated by bypassing previous patches for CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856; this patch bypass vulnerabi…

  2. CVE-2024-45195 Detail - NVD

    This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. Metrics. CVSS Version 4.0 ... CVE-2024-45195 Detail. Description. Direct Request ('Forced Browsin…

  3. CVE-2024-32113's Re-Emergence And Amplified Risks

    On September 4, 2024, the identification of CVE-2024-45195 reignited concerns surrounding Apache OFBiz by revealing a bypass for several previously addressed vulnerabilities, notably CVE-2024-32113. This development has intensified the exploitation of CVE-2024-32113, as attackers exploit the flaw’s…

  4. CVE-2024-45195 - Exploits & Severity - Feedly

    Another related vulnerability, CVE-2024-45195, affects any version earlier than v18.12.16 of Apache OFBiz. This flaw also allows for ... Threat Intelligence Report CVE-2024-45195 is a critical unauthenticated remote code execution vulnerability in Apache OFBiz versions below 18.12.16. Exploitation i…

  5. CVE-2024-45195: Apache OFBiz Auth Bypass Vulnerability - SentinelOne

    CVE-2024-45195 is an authentication bypass flaw in Apache OFBiz caused by direct request forced browsing. Attackers can bypass authentication controls to gain unauthorized access. This article covers technical details, affected versions, impact, and mitigation steps. Published: January 28, 2026…