CISA has recently added the Apache OFBiz Incorrect Authorization Vulnerability [4], tracked as CVE-2024-38856 [1] [2], to its Known Exploited Vulnerabilities catalog [2] [3] [4] [6].

Description

This critical pre-authentication vulnerability carries a CVSS score of 9.8 and allows unauthenticated remote code execution via a Groovy payload. Discovered by SonicWall and fixed by Apache in June [3], the flaw affects every version of Apache OFBiz up to 18.12.14 [2]. An attacker can use it to bypass authentication and gain unauthorized access to certain endpoints, potentially compromising the entire system [3]. Although there are no public reports of active exploitation [1], proof-of-concept exploits are available [1], which makes upgrading urgent. Organizations are strongly advised to update to version 18.12.15 [1], which contains the patch for the vulnerability [5]. Federal Civilian Executive Branch agencies are required to apply the update by September 17, 2024 [1]. The root cause is an incorrect authorization mechanism, and CISA recommends updating Apache OFBiz systems to version 18.12.15 to mitigate the threat and protect against potential breaches [6]. SonicWall has developed an IPS signature to detect exploitation of the vulnerability [4].
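As an added example (not code from the original article or from any of the referenced sources), the following Python helper applies the advisory's affected-version rule to an asset inventory: every Apache OFBiz release up to and including 18.12.14 is affected, and 18.12.15 is the fixed release. The inventory data is constructed for illustration, the `MAJOR.MINOR.PATCH[-suffix]` version format is an assumption, and treating a pre-release build of the fix version as still affected is a conservative choice of this example rather than a statement from the advisory.

```python
import re
from typing import Dict, List, Optional, Tuple

# Versions named in the advisory: last affected release and the fixed release.
LAST_AFFECTED_VERSION = "18.12.14"
FIXED_VERSION = "18.12.15"

# Assumed version format: MAJOR.MINOR.PATCH with an optional suffix such as
# "-SNAPSHOT" or "-RC1". Anything else is reported as unknown, never as safe.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]([A-Za-z0-9]+))?$")


def split_version(version: str) -> Optional[Tuple[Tuple[int, int, int], Optional[str]]]:
    """Return ((major, minor, patch), suffix) or None if the string is not a version."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    numeric = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return numeric, m.group(4)


def is_affected(version: str) -> Optional[bool]:
    """True if the OFBiz version falls within the affected range, False if it is
    at or above the fixed release, None if the version string cannot be parsed."""
    parsed = split_version(version)
    if parsed is None:
        return None
    numeric, suffix = parsed
    last_affected, _ = split_version(LAST_AFFECTED_VERSION)
    fixed, _ = split_version(FIXED_VERSION)
    if numeric <= last_affected:
        return True
    # Conservative assumption of this example (not from the advisory): a
    # pre-release build of the fix version may predate the patch commit.
    if suffix and numeric == fixed:
        return True
    return False


def hosts_needing_upgrade(inventory: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split an inventory of host -> version into (affected, unknown) host lists.
    Unknown versions are returned separately so they are not silently treated as patched."""
    affected: List[str] = []
    unknown: List[str] = []
    for host, version in sorted(inventory.items()):
        status = is_affected(version)
        if status is None:
            unknown.append(host)
        elif status:
            affected.append(host)
    return affected, unknown


# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "erp-prod-01": "18.12.14",
    "erp-prod-02": "18.12.15",
    "erp-legacy": "17.12.09",
    "erp-dev": "18.12.15-SNAPSHOT",
    "erp-unknown": "n/a",
}

if __name__ == "__main__":
    needs_upgrade, unknown_hosts = hosts_needing_upgrade(SAMPLE_INVENTORY)
    print("Upgrade to", FIXED_VERSION, "required on:", needs_upgrade)
    print("Version could not be determined on:", unknown_hosts)
```

The unknown bucket matters in practice: an inventory that records "n/a" or a free-text version for a host should trigger a manual check rather than be counted as remediated.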

Conclusion

The Apache OFBiz Incorrect Authorization Vulnerability poses a serious threat to system security, with the potential for unauthorized access and remote code execution. It is crucial for organizations to update to version 18.12.15 to protect against exploitation and prevent breaches. The development of an IPS signature by SonicWall underscores the importance of addressing this vulnerability promptly.

References

[1] https://owasp.or.id/2024/08/28/cisa-flags-critical-apache-ofbiz-flaw-amid-active-exploitation-reports/
[2] https://www.darkreading.com/threat-intelligence/cisa-highlights-apache-ofbiz-flaw-after-poc-open-access
[3] https://www.hawk-eye.io/2024/08/cisa-warning-cve-2024-38856-apache-ofbiz-rce-vulnerability-under-active-exploitation/
[4] https://securityaffairs.com/167676/uncategorized/u-s-cisa-apache-ofbiz-known-exploited-vulnerabilities-catalog.html
[5] https://duo.com/decipher/attacks-target-recent-apache-ofbiz-bug
[6] https://cybermaterial.com/cisa-adds-critical-apache-ofbiz-flaw-to-kev/