August 6, 2024 at 12:36AM
A critical pre-authentication remote code execution vulnerability (CVE-2024-38856) has been discovered in Apache OFBiz ERP system, with a CVSS score of 9.8. It allows unauthenticated access to critical endpoints, potentially leading to remote code execution. This follows a patch bypass for a previous vulnerability (CVE-2024-36104) and comes amid active exploitation of other OFBiz vulnerabilities.
From the meeting notes:
– A new zero-day pre-authentication remote code execution vulnerability (CVE-2024-38856) has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system.
– The vulnerability affects Apache OFBiz versions prior to 18.12.15 and has a CVSS score of 9.8 out of 10.0.
– SonicWall discovered and reported the vulnerability, which allows unauthenticated users to access functionalities that generally require the user to be logged in, leading to remote code execution.
– CVE-2024-38856 is also a patch bypass for CVE-2024-36104, a path traversal vulnerability that was previously addressed.
– It was described as residing in the override view functionality, allowing unauthenticated access to critical endpoints, potentially leading to remote code execution via specially crafted requests.
– Another critical path traversal vulnerability in OFBiz (CVE-2024-32113) has come under active exploitation to deploy the Mirai botnet.
– In December 2023, SonicWall disclosed a zero-day flaw (CVE-2023-51467) in the same software that made it possible to bypass authentication protections and was subsequently subjected to a large number of exploitation attempts.
Stay updated by following us on Twitter and LinkedIn for more exclusive content.