CVE-2024-38856 - Apache OFBiz Incorrect Authorization Vulnerability

CVE-2024-38856: Apache | OFBiz

Date Added:
2024-08-27

Due Date:
2024-09-17

Vulnerability Name: Apache OFBiz Incorrect Authorization Vulnerability

Description: Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w; https://nvd.nist.gov/vuln/detail/CVE-2024-38856

Related News Articles

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)September 6, 2024

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code ExecutionSeptember 6, 2024

Apache fixes critical OFBiz remote code execution vulnerabilitySeptember 6, 2024

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation ReportsAugust 28, 2024

CISA warns about actively exploited Apache OFBiz RCE flawAugust 9, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard