Critical Apache OFBiz Vulnerability Allows Preauth RCE

Published: 23/11/2024   Category: security
The bug in the enterprise resource planning platform, CVE-2024-38856, carries a CVSS severity score of 9.8 out of 10 and offers attackers a wide avenue into enterprise applications.



A critical pre-authentication remote code execution (RCE) security vulnerability in Apache OFBiz could open organizations to data theft, lateral movement by threat actors into various applications and parts of their networks, and more.
The bug, tracked as CVE-2024-38856, carries a notably high CVSS score of 9.8, given how impactful exploitation could be. Apache OFBiz is an open source enterprise resource planning (ERP) system that has highly privileged access to various business processes for the purpose of single-pane management and automation; these can include accounting, human resources, customer relationship management, order management, manufacturing and e-commerce.
CVE-2024-38856 exists in the override view functionality, and can allow threat actors to access critical endpoints using a crafted request, according to the SonicWall Capture Labs threat research team, which discovered the vulnerability and shared its details with Dark Reading.
To protect their organizations, admins should upgrade their implementations to version 18.12.15 or newer.
OFBiz customers number around 170 and include some heavy hitters, such as Atlassian JIRA, Home Depot, United Airlines, and Upwork Global, according to SonicWall.
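The only mitigation the article gives is the version threshold: upgrade to 18.12.15 or newer. A common mistake when triaging this from an asset inventory is to compare version strings lexically, which ranks "18.12.9" above "18.12.15" and marks an unpatched host as safe. The following is an added example, not code from the article, SonicWall or the OFBiz project; the host names and installed versions in the inventory are constructed, and the version-string format (dotted numbers with an optional "-suffix") is an assumption.

```python
"""Triage an OFBiz inventory against the fixed release named in the article.

Added example (not from the article or the OFBiz project). The fix version
18.12.15 is the one stated on the page; hosts and versions below are
constructed sample data, and the "x.y.z[-suffix]" format is an assumption.
"""

FIXED_VERSION = "18.12.15"  # first fixed release, per the article


def parse_version(v: str) -> tuple:
    """Turn '18.12.15' into (18, 12, 15) so comparison is numeric.

    A trailing '-suffix' such as '-SNAPSHOT' is dropped, and short versions
    are zero-padded so '18.12' compares as (18, 12, 0).
    """
    core = v.strip().split("-", 1)[0]
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            raise ValueError(f"unparseable version component {piece!r} in {v!r}")
        parts.append(int(piece))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is at or beyond the fixed release."""
    return parse_version(installed) >= parse_version(fixed)


def triage(inventory: dict) -> dict:
    """Map each host to 'patched' or 'vulnerable' for the stated fix version."""
    return {
        host: ("patched" if is_patched(version) else "vulnerable")
        for host, version in inventory.items()
    }


# Constructed sample inventory: hypothetical hosts and installed versions.
SAMPLE_INVENTORY = {
    "erp-01.example": "18.12.9",           # below the fix: vulnerable
    "erp-02.example": "18.12.15",          # exactly the fix: patched
    "erp-03.example": "18.12.16-SNAPSHOT", # newer, suffixed: patched
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The numeric tuple comparison is the point of the example: a plain string comparison returns `"18.12.9" > "18.12.15"` as true, which would hide the one genuinely vulnerable host in the sample inventory.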
