Security News > 2024 > August > CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
2024-08-28 06:50
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.
News URL
https://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html
Related news
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers (source)
- CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel (source)
- Apache issues patches for critical Struts 2 RCE bug (source)
- New critical Apache Struts flaw exploited to find vulnerable servers (source)
- Critical security hole in Apache Struts under exploit (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-05 | CVE-2024-38856 | Unspecified vulnerability in Apache Ofbiz Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). | 9.8 |