Apache OFBiz, initially named Open for Enterprise, is a Java-based ERP net software and growth framework that gives modules for managing enterprise processes resembling accounting, HR, provide chain administration, product catalog administration, buyer relationship administration (CRM), manufacturing, e-commerce and extra. The framework underpinning it may also be used to construct further customized purposes and options.
The software program is used globally and throughout many industries, however it’s unclear what number of organizations have Apache OFBiz since many makes use of it internally. Primarily based on public information, its customers embody giant corporations resembling IBM, HP, Accenture, United Airways, Dwelling Depot, and Upwork. Some third-party industrial purposes like Atlassian JIRA additionally use OFBiz modules.
Fragmenting the controller-view map state
The foundation trigger for CVE-2024-45195 and the earlier three associated flaws are incorrect or inadequate authorization checks for authenticated view maps as a result of the state between the referred to as controller and the accessed view map is corrupted.