CISA Highlights Apache OFBiz Flaw After PoC Open Access

August 29, 2024 at 03:30PM

CISA has added a critical security flaw in the Apache OFBiz open source ERP system to its Known Exploited Vulnerabilities catalog. Tracked as CVE-2024-38856, the bug carries a score of 9.8 out of 10 on the CVSS scale, enabling pre-authentication RCE. Organizations must update to version 18.12.15 by Sept. 17 …

Critical Apache OFBiz Vulnerability Allows Preauth RCE

August 5, 2024 at 03:25PM

A critical RCE security vulnerability (CVE-2024-38856) in Apache OFBiz poses a high risk with a CVSS score of 9.8. Threat actors could exploit this bug to access critical endpoints, potentially leading to data theft and lateral network movement. Admins are advised to upgrade to version 18.12.15 or newer to mitigate …

Critical Zero-Day in Apache OFBiz ERP System Exposes Businesses to Attack

December 27, 2023 at 11:18AM

A new zero-day security flaw (CVE-2023-51467) in the Apache OFBiz ERP system allows bypassing authentication. It stems from an incomplete patch for the CVE-2023-49070 vulnerability. Exploiting the flaw facilitates unauthorized access and potential SSRF attacks. SonicWall Capture Labs advises updating to Apache OFBiz version 18.12.11 or later to mitigate the …