Critical Vulnerability in Apache OFBiz Requires Immediate Patching

Organizations utilizing Apache OFBiz have been warned to promptly address a critical vulnerability due to escalating exploitation attempts targeting a recently identified security flaw.

Tracked as CVE-2024-38856, the vulnerability was disclosed over the weekend. Apache OFBiz developers confirmed versions through 18.12.14 are impacted and included a fix in version 18.12.15.

According to an advisory published by the project on Sunday, the issue stems from unauthenticated endpoints that could allow the execution of screen-rendering code if specific preconditions are met.

These preconditions include instances where the screen definitions do not explicitly check user permissions, relying instead on the configuration of their endpoints. This vulnerability is being tracked internally under the identifier OFBIZ-13128.
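As an added illustration of the precondition just described (not code from the page, from Apache OFBiz or from SonicWall), the following Python heuristic scans a screen-definition file for screens that carry no explicit permission check in a `<condition>` block and therefore rely entirely on how their endpoints are configured; the XML sample is constructed, and the set of check elements is an assumption based on OFBiz's screen widget vocabulary.

```python
"""Heuristic audit of OFBiz screen definitions: report screens that have
no explicit permission check and so depend only on endpoint configuration.
Added example, not Apache OFBiz project code; the check is a simplified
heuristic and the sample XML is constructed."""
import xml.etree.ElementTree as ET

# Widget elements that express an explicit permission check inside a
# screen's <condition> block (assumed from the OFBiz screen widget schema).
PERMISSION_CHECKS = {"if-has-permission", "if-service-permission",
                     "if-entity-permission"}

# Constructed sample: "FindInvoice" checks a permission itself, while
# "ShowReport" relies solely on its request-map's <security auth="true"/>.
# OFBiz screen files use unprefixed tags, which this parser assumes.
SAMPLE_SCREENS = """<screens>
  <screen name="FindInvoice">
    <section>
      <condition>
        <if-has-permission permission="ACCOUNTING" action="_VIEW"/>
      </condition>
      <widgets><label text="invoices"/></widgets>
      <fail-widgets><label text="no permission"/></fail-widgets>
    </section>
  </screen>
  <screen name="ShowReport">
    <section>
      <widgets><label text="report"/></widgets>
    </section>
  </screen>
</screens>"""


def screens_without_permission_check(xml_text: str) -> list[str]:
    """Return names of screens with no permission check in any <condition>."""
    root = ET.fromstring(xml_text)
    unchecked = []
    for screen in root.iter("screen"):
        # Walk every <condition> (including nested <and>/<or>/<not> wrappers)
        # and look for any recognised permission-check element.
        checks = [el for cond in screen.iter("condition")
                  for el in cond.iter() if el.tag in PERMISSION_CHECKS]
        if not checks:
            unchecked.append(screen.get("name"))
    return unchecked


if __name__ == "__main__":
    for name in screens_without_permission_check(SAMPLE_SCREENS):
        print(f"screen {name!r} has no explicit permission check")
```

Screens reported this way are candidates for review, not confirmed findings; a screen may be legitimately public or guarded further up the widget tree.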

SonicWall threat researchers, who discovered the flaw, described it as a critical issue enabling unauthenticated remote code execution (RCE). They attributed the root cause to a flaw in the authentication mechanism, which allows an unauthenticated user to access functionalities meant for logged-in users, potentially leading to RCE.

At the time of writing, SonicWall has not detected any attacks exploiting CVE-2024-38856. However, another recently discovered Apache OFBiz flaw, identified in May and tracked as CVE-2024-32113, appears to have been targeted by malicious actors.

This vulnerability, a path traversal bug, could also lead to remote command execution. The SANS Technology Institute’s Internet Storm Center reported increasing exploitation attempts of this flaw in late July.

There is evidence suggesting that attackers are experimenting with the new vulnerability, possibly integrating it into variants of the Mirai botnet. Apache OFBiz, a free framework for creating enterprise resource planning (ERP) applications, is used by several major companies, primarily in the US, India and Europe.

Users are strongly recommended to upgrade to version 18.12.15 to mitigate the newly identified threat.
