Description

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code if some preconditions are met (such as when the screen definitions don't explicitly check the user's permissions because they rely on the configuration of their endpoints).

INFO

Published Date: 2024-08-05T08:20:18.081Z

Last Modified: 2025-10-21T22:55:48.822Z

Source: apache

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-38856 vulnerability.

Vendor: Apache
Products:
  • Ofbiz
