CVE-2026-31387
Improper Authentication in Apache OFBiz
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | ofbiz | to 24.09.06 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Apache OFBiz allows improper authentication, including JWT forgery and account impersonation, which could lead to unauthorized access to user accounts.
Such unauthorized access risks compromising personal or sensitive data, potentially impacting compliance with standards and regulations like GDPR and HIPAA that require strict access controls and protection of user data.
However, the provided information does not explicitly detail the direct impact on compliance with these regulations.
Can you explain this vulnerability to me?
This vulnerability is an Improper Authentication issue found in Apache OFBiz versions before 24.09.06. Improper Authentication means that the software does not correctly verify the identity of users, potentially allowing unauthorized access.
How can this vulnerability impact me? :
Because of the improper authentication, attackers might gain unauthorized access to the system or sensitive data, which could lead to data breaches, unauthorized actions, or compromise of the affected Apache OFBiz installation.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the Improper Authentication vulnerability in Apache OFBiz, users are recommended to upgrade to version 24.09.06, which fixes the issue.