CVE-2024-38856 - Apache OFBiz Incorrect Authorization Vulnerability
Project: Apache
Product: OFBiz
Date Added: 2024-08-27
Due Date: 2024-09-17
Vulnerability Name
Apache OFBiz Incorrect Authorization Vulnerability
Description
Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w
https://nvd.nist.gov/vuln/detail/CVE-2024-38856
Related News Articles
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) - September 6, 2024
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution - September 6, 2024
Apache fixes critical OFBiz remote code execution vulnerability - September 6, 2024
CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports - August 28, 2024
CISA warns about actively exploited Apache OFBiz RCE flaw - August 9, 2024