Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2024-45195 | Apache OFBiz Forced Browsing Vulnerability | exploitation_technique | T1133 | External Remote Services | Insufficient authorization checks in affected Apache OFBiz versions (before 18.12.16) allow an attacker running their own server to send POST requests that instruct the OFBiz server to fetch malicious files from the attacker's server. The attacker can then send another request that triggers the malicious files to run arbitrary code. |
CVE-2024-45195 | Apache OFBiz Forced Browsing Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution | Insufficient authorization checks in affected Apache OFBiz versions (before 18.12.16) allow an attacker running their own server to send POST requests that instruct the OFBiz server to fetch malicious files from the attacker's server. The attacker can then send another request that triggers the malicious files to run arbitrary code. |
CVE-2024-45195 | Apache OFBiz Forced Browsing Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | Insufficient authorization checks in affected Apache OFBiz versions (before 18.12.16) allow an attacker running their own server to send POST requests that instruct the OFBiz server to fetch malicious files from the attacker's server. The attacker can then send another request that triggers the malicious files to run arbitrary code. |
CVE-2024-45195 | Apache OFBiz Forced Browsing Vulnerability | secondary_impact | T1498.001 | Direct Network Flood | Insufficient authorization checks in affected Apache OFBiz versions (before 18.12.16) allow an attacker running their own server to send POST requests that instruct the OFBiz server to fetch malicious files from the attacker's server. The attacker can then send another request that triggers the malicious files to run arbitrary code. |