Apache Makes Another Attempt at Patching Exploited RCE in OFBiz

September 6, 2024 at 08:00AM Apache has released a security update for its open-source ERP system OFBiz that addresses two vulnerabilities, one of them a bypass of the patches for two flaws that are already being exploited. The bypass, CVE-2024-45195, allows unauthenticated remote attackers to execute code on affected systems. Rapid7 warns that both Linux and Windows deployments are affected. Users are urged to …

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

September 6, 2024 at 01:39AM A high-severity vulnerability (CVE-2024-45195) in the Apache OFBiz ERP system allows unauthenticated remote code execution. The flaw, which affects all versions before 18.12.16, lets attackers execute arbitrary code and has been used to deploy the Mirai botnet malware. The same release also fixes a critical SSRF vulnerability (CVE-2024-45507). Key takeaways from the …

CISA Highlights Apache OFBiz Flaw After PoC Open Access

August 29, 2024 at 03:30PM CISA has added a critical security flaw in the Apache OFBiz open-source ERP system to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2024-38856, the bug carries a CVSS score of 9.8 out of 10 and enables pre-authentication RCE. Organizations must update to version 18.12.15 by Sept. 17 …

Second Apache OFBiz Vulnerability Exploited in Attacks

August 28, 2024 at 06:54AM CISA has added a second Apache OFBiz flaw, CVE-2024-38856, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability allows unauthenticated remote code execution in versions through 18.12.14. SonicWall, which discovered the flaw, rates it critical; PoC exploits emerged in early August. This is the second Apache OFBiz vulnerability …

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

August 28, 2024 at 02:03AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Apache OFBiz to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-38856, allows remote code execution and carries a CVSS score of 9.8. Organizations are advised to update to version 18.12.15 by September 17, 2024 …

CISA warns about actively exploited Apache OFBiz RCE flaw

August 8, 2024 at 03:46PM The U.S. Cybersecurity & Infrastructure Security Agency has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2024-32113, which affects Apache OFBiz, an open-source ERP system used across many industries, and can lead to remote code execution; and CVE-2024-36971, an Android kernel flaw that does not affect OFBiz. Under CISA's directive, affected agencies must apply the vendor's security updates or discontinue use of the product …

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

August 6, 2024 at 12:36AM A critical pre-authentication remote code execution vulnerability (CVE-2024-38856), rated CVSS 9.8, has been discovered in the Apache OFBiz ERP system. It allows unauthenticated access to critical endpoints, which can lead to remote code execution. The flaw bypasses the patch for a previous vulnerability (CVE-2024-36104) and comes amid active exploitation …

Critical Apache OFBiz Vulnerability Allows Preauth RCE

August 5, 2024 at 03:25PM A critical RCE vulnerability (CVE-2024-38856) in Apache OFBiz carries a CVSS score of 9.8. Attackers can exploit the bug to reach critical endpoints without authentication, potentially leading to data theft and lateral movement within the network. Admins are advised to upgrade to version 18.12.15 or newer to mitigate …

Apache OFBiz Users Warned of New and Exploited Vulnerabilities

August 5, 2024 at 07:54AM Apache OFBiz users are advised to patch a critical vulnerability, CVE-2024-38856, after reports of increasing exploitation attempts. Versions through 18.12.14 are affected; the fix is in 18.12.15. Another recently disclosed flaw, CVE-2024-32113, is also being targeted by malicious actors. …

New PoC Exploit for Apache OFBiz Vulnerability Poses Risk to ERP Systems

January 11, 2024 at 10:21AM Cybersecurity researchers have published a proof-of-concept exploit for a critical flaw in Apache OFBiz, CVE-2023-51467, that executes its payload entirely in memory, which makes it harder for file-based defences to catch. The bug allows remote code execution and was fixed in version 18.12.11, but threat actors continue to probe for and exploit unpatched instances. Based on …
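The entries above span four fixes across five OFBiz point releases, and the practical question for an operator is simply which of them an installed build is still missing. The following triage script is an added example, not code from the page or from the Apache OFBiz project: it compares an installed version against the fixed-in versions the entries above state (18.12.11 for CVE-2023-51467, 18.12.15 for CVE-2024-38856, 18.12.16 for CVE-2024-45195 and CVE-2024-45507; CVE-2024-32113 and CVE-2024-36104 are left out because the page gives no fixed version for them). The version-string formats it accepts, including treating a `-SNAPSHOT` build as older than the matching release, are assumptions of this example, and a version check says nothing about whether an instance was already compromised while it was exposed.

```python
"""Version-based triage for the Apache OFBiz CVEs covered in the entries above.

Added example; fixed-in versions are those stated on the page. Version-string
handling (leading 'v', missing components, '-SNAPSHOT' suffix) is an assumption.
"""
from __future__ import annotations

import re
from typing import NamedTuple


class Advisory(NamedTuple):
    cve: str
    fixed_in: tuple[int, int, int]  # first release that contains the fix
    note: str


# Fixed-in versions as stated in the entries above. CVE-2024-32113 and
# CVE-2024-36104 are omitted because the page does not give their fixed version.
ADVISORIES: tuple[Advisory, ...] = (
    Advisory("CVE-2023-51467", (18, 12, 11), "pre-auth RCE, in-memory PoC"),
    Advisory("CVE-2024-38856", (18, 12, 15), "pre-auth RCE, CISA KEV, patch bypass"),
    Advisory("CVE-2024-45195", (18, 12, 16), "unauth RCE, bypass of earlier fixes"),
    Advisory("CVE-2024-45507", (18, 12, 16), "SSRF"),
)

# Accepts '18.12.15', 'v18.12', '18.12.16-SNAPSHOT' (assumed formats).
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+){0,2})(-[0-9A-Za-z.]+)?\s*$")


def parse_version(text: str) -> tuple[int, int, int, int]:
    """Return a comparable key (major, minor, patch, release_flag).

    Numeric comparison avoids the classic string-compare bug where
    '18.12.9' sorts after '18.12.15'. A pre-release suffix such as
    '-SNAPSHOT' gets release_flag 0 so it compares below the final release.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # '18.12' -> 18.12.0
    release_flag = 0 if m.group(2) else 1
    return (parts[0], parts[1], parts[2], release_flag)


def is_fixed(installed: tuple[int, int, int, int], fixed_in: tuple[int, int, int]) -> bool:
    """True when the installed build is the fix release or later."""
    return installed >= fixed_in + (1,)


def outstanding_cves(version_text: str) -> list[str]:
    """CVEs from the page's entries that the given installed version still lacks."""
    installed = parse_version(version_text)
    return [a.cve for a in ADVISORIES if not is_fixed(installed, a.fixed_in)]


def minimum_safe_version() -> str:
    """Lowest release that carries every fix listed above."""
    return ".".join(str(p) for p in max(a.fixed_in for a in ADVISORIES))


def report(version_text: str) -> str:
    """Human-readable summary for one installed version."""
    missing = outstanding_cves(version_text)
    if not missing:
        return f"{version_text}: no outstanding CVEs from this list"
    lines = [f"{version_text}: upgrade to {minimum_safe_version()} or later; missing fixes for:"]
    for a in ADVISORIES:
        if a.cve in missing:
            lines.append(f"  {a.cve} (fixed in {'.'.join(map(str, a.fixed_in))}) - {a.note}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for v in ("18.12.9", "18.12.15", "18.12.16-SNAPSHOT", "18.12.16"):
        print(report(v))
```

Feed it the version string from your own inventory; `18.12.9` is included in the sample because a naive string comparison would wrongly rank it above `18.12.15`.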