CISA warns about actively exploited Apache OFBiz RCE flaw

August 8, 2024 at 03:46PM

The U.S. Cybersecurity & Infrastructure Security Agency has warned of two vulnerabilities affecting Apache OFBiz, an open-source ERP system used across various industries. The flaws, CVE-2024-32113 and CVE-2024-36971, could lead to remote code execution and were added to CISA’s Known Exploited Vulnerability Catalog. Security updates or product discontinuation are required by August 28, 2024.

Key takeaways from the meeting notes are as follows:

– The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has identified two vulnerabilities being exploited in attacks, including a path traversal vulnerability impacting Apache OFBiz (Open For Business), a popular open-source enterprise resource planning (ERP) system used in various industries and business sizes.

– The vulnerabilities include CVE-2024-32113, affecting OFBiz versions before 18.12.13, which could allow remote execution of arbitrary commands on vulnerable servers. Federal agencies and state organizations are mandated to apply security updates or mitigations by August 28, 2024, or discontinue the use of the product.

– The second vulnerability, CVE-2024-36971, is an Android kernel zero-day that has also been added to CISA’s list, with the same application deadline.

– Detailed exploitation information for the CVE-2024-32113 vulnerability has been published; successful exploitation could lead to malware deployment and pivoting to other network segments. The vulnerability arises from insufficient input validation and improper handling of user-supplied data, which allows directory traversal sequences to bypass security filters and user-provided Groovy scripts to be executed under an inadequate blocklist.
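Because the flaw relies on directory traversal sequences slipping past filters, a defender's first detection step is to normalize request paths in web server access logs before looking for `..` segments. The following Python snippet is an added example written for this summary (not code from CISA, Apache OFBiz or the article): it undoes repeated percent-encoding and `;` path parameters, then flags log lines whose normalized path contains a traversal segment. The log lines and paths are constructed placeholders, not real OFBiz endpoints.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the article); the paths are
# placeholders, not real OFBiz endpoints.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Aug/2024:15:46:01 +0000] "GET /app/control/main HTTP/1.1" 200 512
203.0.113.9 - - [08/Aug/2024:15:46:02 +0000] "GET /app/control/../../admin/page HTTP/1.1" 200 77
203.0.113.9 - - [08/Aug/2024:15:46:03 +0000] "POST /app/control/%2e%2e/%2e%2e/admin/page HTTP/1.1" 200 77
203.0.113.9 - - [08/Aug/2024:15:46:04 +0000] "GET /app/control/%252e%252e/admin/page HTTP/1.1" 200 77
203.0.113.9 - - [08/Aug/2024:15:46:05 +0000] "GET /app/control/main;/..;/admin/page HTTP/1.1" 200 77
"""

# Common Log Format: client, ident, user, [timestamp], "METHOD PATH PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def normalize_path(raw: str) -> str:
    """Decode repeated percent-encoding, strip ';' path parameters, collapse '//'."""
    path = raw.split("?", 1)[0]
    for _ in range(3):  # undo double/triple encoding such as %252e -> %2e -> .
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r";[^/]*", "", path)  # drop ';jsessionid=...' style parameters
    return re.sub(r"/+", "/", path)


def is_traversal(raw: str) -> bool:
    """True when the normalized path contains a '..' segment."""
    return ".." in normalize_path(raw).split("/")


def find_traversal_attempts(log_text: str) -> list[dict]:
    """Return one record per log line whose request path is a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        src, method, raw_path, status = m.groups()
        if is_traversal(raw_path):
            hits.append({"src": src, "method": method, "raw": raw_path,
                         "normalized": normalize_path(raw_path), "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f"{hit['src']} {hit['method']} {hit['raw']} -> {hit['normalized']} ({hit['status']})")
```

A 200 status on a normalized traversal path is the case worth escalating, since it indicates the filter did not reject the request.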

– A newer flaw impacting more recent versions of Apache OFBiz has been uncovered, known as CVE-2024-38856, which is a critical pre-authentication remote code execution problem. SonicWall has published extensive technical details about this flaw, and proof-of-concept exploits have been made available on GitHub. The issue has been fixed with the release of OFBiz version 18.12.15.

These notes provide a clear understanding of the security vulnerabilities affecting Apache OFBiz and the urgency for organizations to apply relevant security updates and mitigations.
