Security News > 2024 > August > CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
2024-08-28 06:50
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.
News URL
https://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html
Related news
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Critical Progress WhatsUp RCE flaw now under active exploitation (source)
- CISA warns about actively exploited Apache OFBiz RCE flaw (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- SOCI Act 2024: Thales Report Reveals Critical Infrastructure Breaches in Australia (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Apache fixes critical OFBiz remote code execution vulnerability (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-05 | CVE-2024-38856 | Incorrect Authorization vulnerability in Apache Ofbiz Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). | 9.8 |