Security News > 2024 > August > CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports
2024-08-28 06:50
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity.
News URL
https://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html
Related news
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-05 | CVE-2024-38856 | Unspecified vulnerability in Apache Ofbiz Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). | 9.8 |