CVE-2024-47208

9.8 CRITICAL

📋 TL;DR

This CVE describes a Server-Side Request Forgery (SSRF) and code injection vulnerability in Apache OFBiz. Attackers can exploit it to make the server send unauthorized requests to internal systems and potentially execute arbitrary code. All Apache OFBiz installations before version 18.12.17 are affected.

💻 Affected Systems

Products:
  • Apache OFBiz
Versions: All versions before 18.12.17
Operating Systems: All platforms running Apache OFBiz
Default Config Vulnerable: ⚠️ Yes
Notes: All Apache OFBiz deployments before the patched version are vulnerable regardless of configuration.

📦 What is this software?

Apache OFBiz is an open-source enterprise resource planning (ERP) and e-commerce suite from the Apache Software Foundation, written in Java and deployed as a web application. An OFBiz server normally has network paths to databases, payment and shipping providers and other back-office systems, which is what makes SSRF from it valuable to an attacker.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing remote code execution, data exfiltration, and lateral movement to internal network resources.

🟠

Likely Case

Unauthorized access to internal services, data leakage from internal endpoints, and potential privilege escalation.

🟢

If Mitigated

Limited impact with proper network segmentation and input validation, though SSRF could still expose some internal services.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication is needed and a single crafted request reaches the vulnerable code path, so exploitation complexity is low. Because the SSRF is paired with code injection, a successful request can lead to code execution on the server rather than only to reads of internal services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.12.17

Vendor Advisory: https://ofbiz.apache.org/security.html

Restart Required: Yes

Instructions:

1. Download Apache OFBiz 18.12.17 from the official download page.
2. Back up your current installation and data.
3. Replace the existing installation with the new version.
4. Restart the OFBiz service.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict the OFBiz server's outbound network access to minimize SSRF impact. Dropping all outbound port 80/443 traffic is the bluntest form of this: it also breaks every legitimate integration OFBiz makes (payment gateways, shipping APIs) and does nothing against SSRF to internal services on other ports. The narrower rules below drop traffic only from the OFBiz service account (assumed here to run as user ofbiz) to the cloud metadata address and the RFC 1918 ranges. Insert ACCEPT rules for known-good destinations (database, LDAP, cache) ahead of them, and note that loopback cannot be blocked this way without breaking local services, so this is a stopgap, not a substitute for the patch.

iptables -A OUTPUT -m owner --uid-owner ofbiz -d 169.254.169.254 -j DROP
iptables -A OUTPUT -m owner --uid-owner ofbiz -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -m owner --uid-owner ofbiz -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -m owner --uid-owner ofbiz -d 192.168.0.0/16 -j DROP

Input Validation Filter

all

Validate any user-supplied URL or host before the server fetches it: allow only http and https, reject URLs carrying userinfo (user@host), resolve the hostname and refuse loopback, private, link-local and cloud-metadata destinations, and connect to the address you validated rather than re-resolving, so a DNS-rebinding answer cannot swap in an internal address after the check.
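
The following is an added example of such a destination check, written for this page; it is not Apache OFBiz code and not a filter the project ships. DNS lookups are stubbed with a constructed table (the hostnames are hypothetical) so it runs offline; in a real filter `resolve()` would call socket.getaddrinfo and the fetch would connect to the validated address.

```python
"""
SSRF destination check for user-supplied URLs.

Added example, not Apache OFBiz code. It shows the checks an input-validation
filter should make before any server-side fetch. DNS is stubbed with a
constructed table so the example runs offline; in production resolve with
socket.getaddrinfo and connect to the address you validated (re-resolving at
connect time lets a DNS-rebinding attacker substitute an internal address).
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Destinations a server-side fetch must never reach: "this network", RFC 1918,
# CGNAT, loopback, link-local (which includes the 169.254.169.254 cloud metadata
# endpoint), and their IPv6 equivalents.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed DNS table for the example (hypothetical names and answers).
FAKE_DNS = {
    "partner.example.com": ["93.184.216.34"],
    "intranet.corp.example": ["10.1.2.3"],
    "rebind.attacker.example": ["93.184.216.34", "127.0.0.1"],  # mixed answers
    "metadata": ["169.254.169.254"],
}


def resolve(host: str) -> list[str]:
    """Stand-in for socket.getaddrinfo; returns every address the name maps to."""
    return FAKE_DNS.get(host.lower(), [])


def is_blocked(ip_str: str) -> bool:
    """True if the address lies in any blocked range (IPv4-mapped IPv6 unwrapped)."""
    ip = ipaddress.ip_address(ip_str)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is really 127.0.0.1
    return any(ip in net for net in BLOCKED_NETS)


def check_url(url: str) -> tuple[bool, str]:
    """Return (allowed, reason). Allow only if every resolved address is public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        # http://partner.example.com@127.0.0.1/ defeats host-prefix checks
        return False, "userinfo in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        # Literal IP, including [::1] and ::ffff: forms.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        # Shorthand like 127.1 or 0x7f000001 is not a valid literal and
        # will not resolve either, so it is rejected below.
        addrs = resolve(host)
    if not addrs:
        return False, f"{host!r} does not resolve"
    for addr in addrs:
        if is_blocked(addr):
            return False, f"{host!r} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for u in ("https://partner.example.com/api", "http://127.0.0.1:8080/",
              "http://rebind.attacker.example/", "http://metadata/"):
        print(u, check_url(u))
```

The all-or-nothing rule on resolved addresses matters: a name that answers with one public and one loopback address is rejected outright, because the attacker controls which answer the fetch would use.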

🧯 If You Can't Patch

  • Implement strict network egress filtering to prevent SSRF requests to internal resources
  • Deploy a web application firewall (WAF) with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check the OFBiz version in the admin interface or by examining the installation directory for version files.

Check Version:

grep -rhoE '18\.12\.[0-9]+' /path/to/ofbiz/ --include='*.gradle' --include='*.properties' --include='*.xml' | sort -uV | tail -n 1

A plain match on '18.12' does not distinguish 18.12.17 from an earlier, vulnerable 18.12.x; sorting with sort -V orders versions numerically (18.12.9 before 18.12.17) and prints the highest version string found in the tree. Treat this as a hint only and confirm against the version shown in the admin interface.

Verify Fix Applied:

Confirm the version is 18.12.17 or later via the admin interface or version files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from OFBiz server
  • Requests to internal IP addresses or localhost
  • Unexpected file writes or process executions

Network Indicators:

  • OFBiz server making unexpected HTTP requests to internal services
  • Traffic to unusual ports from OFBiz server

SIEM Query:

Anchor the patterns on the URL scheme so they match the host only; unanchored wildcards such as *10.* or *172.16.* also fire on any path or query string containing those digits (for example /item10.html), and *172.16.* covers only one of the sixteen /16 blocks in 172.16.0.0/12. Include link-local 169.254.* (the cloud metadata endpoint) and the IPv6 loopback. A URL of the form http://user@127.0.0.1/ still slips past scheme-anchored wildcards, so where the SIEM offers host extraction and CIDR matching, prefer those.

source="ofbiz.log" AND (url="*://localhost*" OR url="*://127.*" OR url="*://[::1]*" OR url="*://10.*" OR url="*://192.168.*" OR url="*://169.254.*" OR url="*://172.16.*" OR url="*://172.17.*" OR url="*://172.18.*" OR url="*://172.19.*" OR url="*://172.20.*" OR url="*://172.21.*" OR url="*://172.22.*" OR url="*://172.23.*" OR url="*://172.24.*" OR url="*://172.25.*" OR url="*://172.26.*" OR url="*://172.27.*" OR url="*://172.28.*" OR url="*://172.29.*" OR url="*://172.30.*" OR url="*://172.31.*")
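
The script below is an added example, not the page's SIEM query and not OFBiz code, showing the same detection run over constructed log lines. The log format (a url=<target> token per line) is an assumption for the example; the extraction regex would need adapting to the real log schema. It contrasts the page's unanchored wildcard patterns with a host-anchored regex and reports what each one gets wrong.

```python
"""
Detection of outbound requests to internal destinations in OFBiz-style logs.

Added example, not the page's SIEM query and not OFBiz code. The log lines
are constructed for the example; the "url=<target>" field is an assumed format.
"""
import re
from fnmatch import fnmatch

# Constructed sample log (assumed format). Lines 2, 3, 4 and 6 are real hits;
# lines 1 and 5 merely contain the substring "10." in a path or query string.
SAMPLE_LOG = """\
2024-10-02T10:15:31Z INFO  outbound url=https://shop.example.com/catalog/item10.html status=200
2024-10-02T10:15:32Z INFO  outbound url=http://127.0.0.1:8080/webtools/control/main status=200
2024-10-02T10:15:33Z INFO  outbound url=http://172.20.4.7:9200/_cat/indices status=200
2024-10-02T10:15:34Z INFO  outbound url=http://169.254.169.254/latest/meta-data/ status=200
2024-10-02T10:15:35Z INFO  outbound url=https://api.partner.example/v1/orders?page=10.5 status=200
2024-10-02T10:15:36Z INFO  outbound url=http://localhost/ status=200
"""

URL_RE = re.compile(r"\burl=(\S+)")

# Anchored on the authority component: only the host can match, never the path.
INTERNAL_HOST_RE = re.compile(
    r"^https?://"
    r"(?:[^/@]*@)?"                                   # optional userinfo (http://trusted@127.0.0.1/)
    r"(?:\[::1\]|localhost"
    r"|127\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"  # all of 172.16.0.0/12, not just 172.16.*
    r"|169\.254\.\d{1,3}\.\d{1,3})"                   # link-local, incl. metadata endpoint
    r"(?::\d+)?(?:[/?#]|$)",
    re.IGNORECASE,
)

# The page's original wildcard terms, kept here for comparison.
NAIVE_PATTERNS = ["*localhost*", "*127.0.0.1*", "*192.168.*", "*10.*", "*172.16.*"]


def naive_match(url: str) -> bool:
    return any(fnmatch(url, p) for p in NAIVE_PATTERNS)


def anchored_match(url: str) -> bool:
    return INTERNAL_HOST_RE.match(url) is not None


def scan(log_text: str) -> dict:
    """Classify each logged URL and record where the naive patterns diverge."""
    hits, false_pos, missed = [], [], []
    for line in log_text.splitlines():
        m = URL_RE.search(line)
        if not m:
            continue
        url = m.group(1)
        anchored, naive = anchored_match(url), naive_match(url)
        if anchored:
            hits.append(url)
        if naive and not anchored:
            false_pos.append(url)   # substring "10." in a path or query string
        if anchored and not naive:
            missed.append(url)      # 172.17-172.31 and 169.254.x are invisible to the naive terms
    return {"hits": hits, "naive_false_positives": false_pos, "naive_misses": missed}


if __name__ == "__main__":
    for key, urls in scan(SAMPLE_LOG).items():
        print(key, urls)
```

The two lists of divergences are the point: the naive terms raise two false alarms on ordinary shop traffic and miss both the Elasticsearch-style host in 172.20.0.0/16 and the metadata endpoint, which is exactly the traffic this CVE lets an attacker generate.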

🔗 References
