August 29, 2024 at 03:30PM CISA has added a critical security flaw in the Apache OFBiz open source ERP system to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2024-38856, the bug carries a score of 9.8 out of 10 on the CVSS scale, enabling pre-authentication RCE. Organizations must update to version 18.12.15 by Sept. 17 … Read more
August 28, 2024 at 06:54AM CISA added a second Apache OFBiz flaw, CVE-2024-38856, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability allows unauthenticated remote code execution in impacted versions through 18.12.14. SonicWall, who discovered the flaw, described it as critical, with PoC exploits emerging in early August. This is the second Apache OFBiz vulnerability … Read more
August 28, 2024 at 02:03AM The U.S. Cybersecurity and Infrastructure Security Agency has added a critical security flaw in the Apache OFBiz system to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-38856, allows remote code execution and carries a CVSS score of 9.8. Organizations are advised to update to version 18.12.15 by September 17, 2024 … Read more
August 6, 2024 at 12:36AM A critical pre-authentication remote code execution vulnerability (CVE-2024-38856) has been discovered in Apache OFBiz ERP system, with a CVSS score of 9.8. It allows unauthenticated access to critical endpoints, potentially leading to remote code execution. This follows a patch bypass for a previous vulnerability (CVE-2024-36104) and comes amid active exploitation … Read more
August 5, 2024 at 03:25PM A critical RCE security vulnerability (CVE-2024-38856) in Apache OFBiz poses a high risk with a CVSS score of 9.8. Threat actors could exploit this bug to access critical endpoints, potentially leading to data theft and lateral network movement. Admins are advised to upgrade to version 18.12.15 or newer to mitigate … Read more
August 5, 2024 at 07:54AM Apache OFBiz users are advised to patch a critical vulnerability, CVE-2024-38856, after reports of increasing exploitation attempts. Versions through 18.12.14 are impacted, with a fix in 18.12.15. Another recently discovered flaw, CVE-2024-32113, has been targeted by malicious actors, prompting increased exploitation attempts. The security of these ERP systems is critical. … Read more