August 28, 2024 at 06:54AM
CISA has added a second Apache OFBiz flaw, CVE-2024-38856, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability allows unauthenticated remote code execution in affected versions, which run through 18.12.14. SonicWall, whose researchers discovered the flaw, rated it critical, and proof-of-concept (PoC) exploits emerged in early August. It is the second Apache OFBiz vulnerability to be exploited in the wild in recent weeks.
Key Takeaways from the Meeting Notes:
1. The US cybersecurity agency CISA has added a second Apache OFBiz vulnerability, CVE-2024-38856, to its Known Exploited Vulnerabilities catalog. The flaw lets requests to unauthenticated endpoints trigger execution of screen rendering code, and it has been exploited by threat actors.
2. Affected Apache OFBiz releases run through 18.12.14; version 18.12.15 includes the fix for CVE-2024-38856.
3. SonicWall, whose researchers discovered the vulnerability, rates it as critical because it enables unauthenticated remote code execution.
4. Proof-of-concept (PoC) exploits targeting CVE-2024-38856 have emerged after the flaw’s disclosure, and CISA is warning organizations about attacks exploiting the weakness.
5. Another Apache OFBiz vulnerability, CVE-2024-32113, was disclosed earlier, and exploitation attempts were observed. Threat actors may have attempted to add an exploit for CVE-2024-32113 to variants of the Mirai botnet.
6. Apache OFBiz is a free, open-source framework for building ERP applications and is widely used by companies in the United States, India, and Europe.
7. The meeting notes also reference related warnings from CISA about other exploited vulnerabilities impacting Dahua products and Avtech cameras.
These takeaways summarize the Apache OFBiz vulnerabilities, their exploitation, and the actions CISA has taken in response.
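A practitioner triaging an OFBiz estate needs to decide, per host, whether the installed release falls inside the affected range stated above (through 18.12.14, fixed in 18.12.15). The following added example, which is not code from the article, SonicWall, or the Apache OFBiz project, shows the check done with numeric version tuples and why a plain string comparison gives the wrong answer for releases such as 18.12.9. The function names, the three-part version format and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed release for CVE-2024-38856 as stated in the article: 18.12.15.
# Every release up to and including 18.12.14 is affected.
FIXED_VERSION = "18.12.15"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn an OFBiz release string such as '18.12.14' into a tuple of ints.

    Assumes the three-part numeric form used for OFBiz releases. Tuples
    compare component by component, whereas a plain string comparison
    ranks '18.12.9' above '18.12.15' because '9' sorts after '1'.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised OFBiz version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_affected_by_cve_2024_38856(version: str) -> bool:
    """True when the release is older than the fixed version, i.e. through 18.12.14."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def naive_string_check(version: str) -> bool:
    """The wrong way: lexicographic string comparison. Kept only to show the pitfall."""
    return version < FIXED_VERSION


def triage(versions: list[str]) -> list[tuple[str, str]]:
    """Return (version, status) pairs; status is 'PATCH' for affected releases, 'ok' otherwise."""
    return [
        (v, "PATCH" if is_affected_by_cve_2024_38856(v) else "ok")
        for v in versions
    ]


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical versions, not real hosts).
    inventory = ["17.12.11", "18.12.9", "18.12.14", "18.12.15"]
    for version, status in triage(inventory):
        naive = "affected" if naive_string_check(version) else "ok"
        print(f"{version:>10}  correct={status:<5}  string-compare says={naive}")
```

The `naive_string_check` column in the output shows 18.12.9 reported as unaffected by string comparison while the tuple comparison correctly flags it; anything that scripts this check against a fleet should compare numeric components, and the version should be read from the deployed instance rather than from deployment notes.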