Security News > 2024 > August > CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
2024-08-28 06:50
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.
News URL
https://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html
Related news
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-05 | CVE-2024-38856 | Unspecified vulnerability in Apache Ofbiz Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). | 9.8 |