Organizations using Apache OFBiz are being urged to patch a critical vulnerability, following reports of increasing exploitation attempts targeting another recently discovered security hole.
The new vulnerability, tracked as CVE-2024-38856, was disclosed over the weekend. According to Apache OFBiz developers, versions through 18.12.14 are impacted and 18.12.15 includes a fix.
“Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don’t explicitly check user’s permissions because they rely on the configuration of their endpoints),” developers said in an advisory.
SonicWall threat researchers, who discovered the flaw, described it as a critical issue that could allow unauthenticated remote code execution.
“The root cause of the vulnerability lies in a flaw in the authentication mechanism,” SonicWall explained. “This flaw allows an unauthenticated user to access functionalities that generally require the user to be logged in, paving the way for remote code execution.”
SonicWall is not aware of attacks exploiting CVE-2024-38856.
However, another recently discovered Apache OFBiz flaw does appear to have been targeted by malicious actors. The vulnerability, discovered in May and tracked as CVE-2024-32113, is a path traversal bug that could lead to remote command execution.
The SANS Technology Institute’s Internet Storm Center reported seeing increasing exploitation attempts in late July.
Evidence suggests that attackers are experimenting with the vulnerability and possibly adding it to variants of the Mirai botnet.
Apache OFBiz is a free framework for creating enterprise resource planning (ERP) applications. OFBiz is used by several major companies. A majority of users are in the United States, followed by India and Europe.
“OFBiz appears to be far less prevalent than commercial alternatives. However, just as with any other ERP system, organizations rely on it for sensitive business data, and the security of these ERP systems is critical,” noted SANS’s Johannes Ullrich.