Urgent Patch Required for Critical Apache OFBiz Vulnerability
Organizations using Apache OFBiz have been alerted to address a critical vulnerability immediately due to increasing exploitation attempts.
Known as CVE-2024-38856, this vulnerability was disclosed over the weekend. Apache OFBiz developers confirmed it affects versions up to 18.12.14 and released a fix in version 18.12.15.
An advisory issued on Sunday stated that the issue arises because unauthenticated endpoints can execute screen-rendering code when screen definitions do not explicitly check user permissions and instead rely on the endpoint configuration to enforce authentication. This vulnerability is tracked internally as OFBIZ-13128.
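The advisory describes an authorization gap rather than a single bug: a screen that carries no permission check of its own is only as protected as every endpoint that can render it. The following is an added illustration of that pattern and of the defensive fix; it is not Apache OFBiz code, and the screen names, paths and permission strings are constructed for the example. A small routing table marks which endpoints require login, a shared renderer draws screens, and an audit function lists screens that are reachable anonymously without checking permission themselves.

```python
"""Added example (not Apache OFBiz code): why a screen should check its own
permission rather than rely on the endpoint that renders it."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset = frozenset()


ANONYMOUS = User("anonymous")


class PermissionDenied(Exception):
    """Raised when a user lacks the permission a screen or endpoint requires."""


@dataclass(frozen=True)
class Screen:
    name: str
    # None models a screen definition with no explicit permission check:
    # such a screen is protected only by the endpoints that render it.
    required_permission: Optional[str] = None

    def render(self, user: User) -> str:
        if self.required_permission is not None and self.required_permission not in user.permissions:
            raise PermissionDenied(f"{user.name} lacks {self.required_permission} for {self.name}")
        return f"<screen {self.name} rendered for {user.name}>"


@dataclass(frozen=True)
class Endpoint:
    path: str
    screen: Screen
    auth_required: bool  # endpoint-level configuration, the only guard for a weak screen


def dispatch(endpoints: dict, path: str, user: User) -> str:
    """Route a request: enforce the endpoint's auth flag, then render the screen."""
    ep = endpoints[path]
    if ep.auth_required and user is ANONYMOUS:
        raise PermissionDenied(f"{path} requires login")
    return ep.screen.render(user)


def find_exposed_screens(endpoints: dict) -> list:
    """Audit: screens reachable without login that do not check permission themselves."""
    return sorted({ep.screen.name for ep in endpoints.values()
                   if not ep.auth_required and ep.screen.required_permission is None})


def build_endpoints(hardened: bool) -> dict:
    """Constructed routing table. The hardened variant gives the screen its own check."""
    screen = Screen("AdminConsole", "ADMIN" if hardened else None)
    eps = [
        Endpoint("/control/admin", screen, auth_required=True),
        # Constructed misconfiguration: a second endpoint renders the same screen
        # without requiring login, which is all the weak screen relied on.
        Endpoint("/control/public-view", screen, auth_required=False),
    ]
    return {ep.path: ep for ep in eps}


def anonymous_can_reach(endpoints: dict, path: str) -> bool:
    """True if an anonymous user gets rendered output from the given path."""
    try:
        dispatch(endpoints, path, ANONYMOUS)
        return True
    except PermissionDenied:
        return False


if __name__ == "__main__":
    weak = build_endpoints(hardened=False)
    print("weak, anonymous via /control/public-view:", anonymous_can_reach(weak, "/control/public-view"))
    print("weak, exposed screens:", find_exposed_screens(weak))
    hard = build_endpoints(hardened=True)
    print("hardened, anonymous via /control/public-view:", anonymous_can_reach(hard, "/control/public-view"))
    print("hardened, exposed screens:", find_exposed_screens(hard))
```

With the weak screen, the login-protected endpoint behaves correctly, yet the same screen leaks through the second endpoint. Once the screen checks `ADMIN` itself, the misconfigured endpoint no longer matters, and the audit returns an empty list; that audit is the kind of check worth running over a deployment's screen and controller definitions after applying the 18.12.15 update.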
SonicWall threat researchers, who discovered the flaw, classified it as a critical issue allowing unauthenticated remote code execution (RCE). They attributed it to a flaw in the authentication mechanism, enabling an unauthenticated user to access functions intended for logged-in users, potentially leading to RCE.
As of now, SonicWall has not detected any attacks exploiting CVE-2024-38856. However, another Apache OFBiz vulnerability identified in May, CVE-2024-32113, has been targeted by malicious actors. This path traversal bug could also lead to remote command execution. The SANS Technology Institute’s Internet Storm Center reported increasing exploitation attempts of this flaw in late July.
There is evidence that attackers are testing the new vulnerability, possibly integrating it into variants of the Mirai botnet. Apache OFBiz, a free framework for creating enterprise resource planning (ERP) applications, is used by several major companies, primarily in the US, India, and Europe.