
Apache OFBiz Users Warned of New and Exploited Vulnerabilities

Organizations are being warned of a newly discovered Apache OFBiz vulnerability as exploitation of another recent flaw is observed.


Organizations using Apache OFBiz are being urged to patch a critical vulnerability, following reports of increasing exploitation attempts targeting another recently discovered security hole.

The new vulnerability, tracked as CVE-2024-38856, was disclosed over the weekend. According to Apache OFBiz developers, versions through 18.12.14 are impacted and 18.12.15 includes a fix.

“Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don’t explicitly check user’s permissions because they rely on the configuration of their endpoints),” developers said in an advisory.

SonicWall threat researchers, who discovered the flaw, described it as a critical issue that could allow unauthenticated remote code execution.

“The root cause of the vulnerability lies in a flaw in the authentication mechanism,” SonicWall explained. “This flaw allows an unauthenticated user to access functionalities that generally require the user to be logged in, paving the way for remote code execution.”

SonicWall is not aware of attacks exploiting CVE-2024-38856.
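The practical first step for an OFBiz operator is to establish which deployments still run a version before the fix. The following Python is an added example written for this article; it is not code from SecurityWeek, SonicWall or the Apache OFBiz project. It encodes only the threshold the article states (CVE-2024-38856 affects versions through 18.12.14 and is fixed in 18.12.15), and the version parser, the `hosts_to_patch` helper and the host names in the inventory are assumptions constructed for illustration.

```python
# Added example: classify installed Apache OFBiz versions against the fix
# threshold reported for CVE-2024-38856 (fixed in 18.12.15, per the advisory).
# The parser, helper functions and sample inventory are assumptions for
# illustration, not code or data from the article or the OFBiz project.
import re

# Fix versions as stated on the page. CVE-2024-32113 is omitted because the
# article does not give its fixed version; consult the OFBiz advisory for it.
FIXED_IN = {"CVE-2024-38856": (18, 12, 15)}


def parse_version(v):
    """Turn '18.12.14' into (18, 12, 14); a missing patch level counts as 0 and
    a trailing suffix such as '-SNAPSHOT' is ignored."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def affected_cves(version):
    """Return the CVEs in FIXED_IN whose fix version is newer than `version`."""
    parsed = parse_version(version)
    return sorted(cve for cve, fixed in FIXED_IN.items() if parsed < fixed)


def hosts_to_patch(inventory):
    """inventory: iterable of (host, version) pairs.
    Returns {host: [cves]} for every host still running an affected version."""
    result = {}
    for host, version in inventory:
        cves = affected_cves(version)
        if cves:
            result[host] = cves
    return result


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = [
    ("erp-01.example.internal", "18.12.14"),
    ("erp-02.example.internal", "18.12.15"),
    ("erp-legacy.example.internal", "17.12.07"),
]

if __name__ == "__main__":
    for host, cves in hosts_to_patch(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade needed for {', '.join(cves)}")
```

Feed `hosts_to_patch` the output of whatever asset inventory you already maintain; the comparison is a plain tuple ordering, so an older branch such as 17.12.x is correctly reported as affected rather than being skipped because it is not on the 18.12 line.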

However, another recently discovered Apache OFBiz flaw does appear to have been targeted by malicious actors. The vulnerability, discovered in May and tracked as CVE-2024-32113, is a path traversal bug that could lead to remote command execution.

The SANS Technology Institute’s Internet Storm Center reported seeing increasing exploitation attempts in late July.


Evidence suggests that attackers are experimenting with the vulnerability and possibly adding it to variants of the Mirai botnet.

Apache OFBiz is a free framework for creating enterprise resource planning (ERP) applications. OFBiz is used by several major companies. A majority of users are in the United States, followed by India and Europe.

“OFBiz appears to be far less prevalent than commercial alternatives. However, just as with any other ERP system, organizations rely on it for sensitive business data, and the security of these ERP systems is critical,” noted SANS’s Johannes Ullrich.

Related: Critical Apache OFBiz Vulnerability in Attacker Crosshairs

Related: Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances

Related: CISA Warns of Avtech Camera Vulnerability Exploited in Wild

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
