#ERP

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

by

August 6, 2024 at 12:36AM A critical pre-authentication remote code execution vulnerability (CVE-2024-38856) has been discovered in Apache OFBiz ERP system, with a CVSS score of 9.8. It allows unauthenticated access to critical endpoints, potentially leading to remote code execution. This follows a patch bypass for a previous vulnerability (CVE-2024-36104) and comes amid active exploitation … Read more

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

by

August 2, 2024 at 07:00AM Enterprise Resource Planning (ERP) Software, including the open-source framework OFBiz, faces critical security vulnerabilities, as demonstrated by the exploitation of a directory traversal flaw. The SANS Internet Storm Center reported an increase in exploit attempts, with attackers targeting OFBiz using the Mirai botnet. The vulnerabilities pose a threat to sensitive … Read more