The US cybersecurity agency CISA on Tuesday added a second Apache OFBiz flaw to its Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability, tracked as CVE-2024-38856, has been described as an incorrect authorization issue that can allow unauthenticated endpoints to execute screen rendering code under certain conditions.
Apache OFBiz versions through 18.12.14 are impacted, and version 18.12.15 includes a fix.
SonicWall, whose researchers discovered the vulnerability, described it as a critical issue that can allow unauthenticated remote code execution.
Proof-of-concept (PoC) exploits targeting CVE-2024-38856 started emerging after the flaw’s disclosure in early August, and now CISA is warning organizations about attacks exploiting the weakness.
No information has been shared about the attacks.
CVE-2024-38856 is the second Apache OFBiz vulnerability that has been exploited in attacks in recent weeks.
The other flaw, tracked as CVE-2024-32113, was discovered in May and exploitation attempts were first spotted in late July. This is a path traversal bug that could lead to remote command execution.
The SANS Technology Institute’s Internet Storm Center reported seeing evidence that threat actors may have tried to add an exploit for CVE-2024-32113 to variants of the Mirai botnet.
Apache OFBiz, a free framework for creating ERP applications, is used by many companies, mainly in the United States, but also in India and Europe.
Related: Critical Apache OFBiz Vulnerability in Attacker Crosshairs
Related: CISA Warns of Exploited Vulnerabilities Impacting Dahua Products
Related: CISA Warns of Avtech Camera Vulnerability Exploited in Wild