The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about an actively exploited vulnerability in Apache OFBiz, the open source enterprise resource planning (ERP) system. The vulnerability, tracked as CVE-2024-38856, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-38856 is a pre-authentication remote code execution vulnerability. It affects versions of Apache OFBiz prior to 18.12.15, posing a serious risk to any organization running an outdated release of the software.
The root cause of CVE-2024-38856 is a missing authorization check in Apache OFBiz: the application lets unauthenticated requests reach request handlers that are normally only reachable by logged-in users. No login is required at any point; an attacker who reaches one of those handlers can abuse it to execute arbitrary code on the server, which can lead to a complete takeover of the system.
The flaw resides in the override view function of Apache OFBiz. Through this function, endpoints that should require authentication become reachable by unauthenticated attackers, who trigger the weakness by sending specially crafted requests to the OFBiz web front end.
Adding to the urgency, security researchers have released proof-of-concept (PoC) exploit code for CVE-2024-38856. Because the PoC is publicly available on GitHub, it gives threat actors a working demonstration of the exploit and lowers the bar for attacks.
Due to the high severity and ongoing exploitation of CVE-2024-38856, CISA has directed federal civilian agencies, and strongly recommends that all other organizations using Apache OFBiz, to update their installations to version 18.12.15 or later by September 17, 2024 (the KEV remediation due date, which is binding on federal civilian agencies under Binding Operational Directive 22-01). Failure to apply the update leaves systems open to attack, with the attendant risk of data breaches, service disruptions, and other serious consequences.
According to Security Online
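Since the only remediation the advisory offers is the version cut-off, the practical first step is to find every OFBiz instance below 18.12.15 in your estate. The following is an added example, not code from the article or from the Apache OFBiz project: it takes a constructed inventory of hostnames and version strings (the inventory source and the host names are assumptions; how you collect the version strings is up to your asset management tooling) and sorts hosts into those that need the patch, those already fixed, and those that need manual review because the version string is unparseable or is a pre-release build of the fixed version.

```python
"""Inventory triage for CVE-2024-38856: flag Apache OFBiz versions before 18.12.15.

Added example; not part of the original article or of the OFBiz project.
"""
import re
from typing import Dict, List, Optional

# First release that contains the fix, per the CISA/Apache advisory.
FIXED_VERSION = (18, 12, 15)

# Leading major.minor.patch triple; anything after it is treated as a suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def is_vulnerable(version: str) -> Optional[bool]:
    """Classify one OFBiz version string.

    Returns True if the numeric version is below 18.12.15, False if it is at or
    above a released 18.12.15, and None when a human should look: the string does
    not start with three dotted integers, or it is exactly 18.12.15 with a suffix
    such as '-SNAPSHOT' (assumption: a snapshot of 18.12.15 may predate the fix).
    """
    text = version.strip()
    match = _VERSION_RE.match(text)
    if not match:
        return None
    triple = tuple(int(part) for part in match.groups())
    if triple < FIXED_VERSION:
        return True
    has_suffix = match.end() != len(text)
    if triple == FIXED_VERSION and has_suffix:
        return None
    return False


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by what to do about them; lists are sorted for stable output."""
    buckets: Dict[str, List[str]] = {"patch": [], "ok": [], "review": []}
    for host, version in inventory.items():
        verdict = is_vulnerable(version)
        if verdict is True:
            buckets["patch"].append(host)
        elif verdict is False:
            buckets["ok"].append(host)
        else:
            buckets["review"].append(host)
    for names in buckets.values():
        names.sort()
    return buckets


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "erp-prod-01": "18.12.14",
    "erp-prod-02": "18.12.15",
    "erp-dev": "18.12.15-SNAPSHOT",
    "legacy-ofbiz": "17.12.11",
    "erp-unknown": "n/a",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:>6}: {', '.join(hosts) or '-'}")
```

Hosts in the "patch" bucket should go straight onto the remediation list; "review" hosts need someone to confirm the actual build before they are signed off, since the advisory's cut-off is expressed as a released version and a snapshot or unparseable string gives no assurance either way.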