Apache OFBiz createRegister Error Message Information Disclosure Vulnerability [CVE-2024-23946]

CVE number = CVE-2024-23946

This vulnerability in Apache OFBiz allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz.

Authentication is not required to exploit this vulnerability.

The specific flaw exists within the createRegister method. The issue results from outputting an error message that includes sensitive information.

An attacker can leverage this vulnerability to disclose the names of internal paths used by the system.

Apache has issued an update to correct this vulnerability.

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.