Apache OFBiz, originally named Open For Business, is a Java-based ERP web application and development framework that provides modules for managing business processes such as accounting, HR, supply chain management, product catalog management, customer relationship management (CRM), manufacturing, e-commerce and more. The framework underpinning it can also be used to build additional custom applications and features.
The software is used globally and across many industries, but it's unclear how many organizations run Apache OFBiz, since many use it internally. Based on public data, its users include large companies such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications like Atlassian JIRA also use OFBiz modules.
Fragmenting the controller-view map state
The root cause of CVE-2024-45195 and the previous three related flaws is incorrect or insufficient authorization checks for authenticated view maps, because the state between the called controller and the accessed view map is corrupted.