August 5, 2024 at 07:54AM
Apache OFBiz users are advised to patch a critical vulnerability, CVE-2024-38856, after reports of increasing exploitation attempts. Versions through 18.12.14 are affected; the fix ships in 18.12.15. Another recently discovered flaw, CVE-2024-32113, is already being targeted by malicious actors, and exploitation attempts against it are also increasing. The security of these ERP systems is critical.
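The advisory gives a clear version boundary (affected through 18.12.14, fixed in 18.12.15), which is the kind of fact a defender turns into an inventory check. The following is an added example, not code from the page or from the Apache OFBiz project: it parses recorded OFBiz versions and flags hosts that still need the CVE-2024-38856 fix. The hostnames and versions in the inventory are constructed sample data, and the assumption that OFBiz release numbers are plain dotted integers is mine, not the page's.

```python
"""Inventory check for the OFBiz versions named in the advisory.

Added example, not from the original page: given hosts and the OFBiz
version each runs, flag the ones that still need the CVE-2024-38856 fix.
The advisory states that versions through 18.12.14 are affected and that
18.12.15 contains the fix; the inventory below is constructed sample data.
"""
from __future__ import annotations

FIXED_VERSION = (18, 12, 15)  # from the advisory: first release with the fix


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted version string such as '18.12.14' into a comparable tuple.

    Assumption (not from the page): OFBiz release numbers are plain dotted
    integers. Anything else raises, so an unparsable entry is never silently
    treated as patched.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the version is older than the fixed release 18.12.15."""
    return parse_version(version) < FIXED_VERSION


def hosts_needing_patch(inventory: dict[str, str]) -> list[str]:
    """Return, sorted, the hosts whose recorded OFBiz version is still affected."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "erp-prod-01.example": "18.12.14",
    "erp-prod-02.example": "18.12.15",
    "erp-stage-01.example": "18.12.9",
    "erp-dev-01.example": "18.12.16",
}

if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: OFBiz {SAMPLE_INVENTORY[host]} is affected by "
              "CVE-2024-38856; upgrade to 18.12.15 or later")
```

Comparing version tuples rather than strings avoids the classic mistake of treating "18.12.9" as newer than "18.12.14"; raising on anything that does not parse keeps a malformed inventory entry from being reported as safe.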
Based on the meeting notes, the main takeaways are:
1. Organizations using Apache OFBiz are being urged to patch a critical vulnerability, CVE-2024-38856, which lets unauthenticated requests reach endpoints that execute screen-rendering code and could lead to remote code execution.
2. Another recently discovered vulnerability, CVE-2024-32113, is a path traversal bug that could also lead to remote command execution. This vulnerability has been targeted by malicious actors and is being added to variants of the Mirai botnet.
3. While Apache OFBiz may be less prevalent than commercial alternatives, it is still essential for organizations’ sensitive business data, making the security of these ERP systems critical.
Overall, it is highly recommended that organizations using Apache OFBiz take immediate action to patch these vulnerabilities to prevent potential exploitation and security breaches.