The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding the Apache OFBiz Incorrect Authorization Vulnerability, also known as CVE-2024-38856 [2].

Description

This critical security flaw allows unauthenticated attackers to execute remote code via a Groovy payload. It affects Apache OFBiz versions prior to 18.12.15 [4], and version 18.12.15 addresses it [3]. Security researcher Hasib Vhora from SonicWall reported the issue [3], which stems from a flaw in the authentication mechanism [3] that enables unauthorized access to restricted features [3]. The incorrect authorization mechanism is what allows remote code execution [1], and the vulnerability poses significant security risks with a CVSS score of 9.8 [1].

The vulnerability has also been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog [1], indicating significant interest from attackers [2]. While there are no public reports of active exploitation [2], organizations are strongly advised to update to version 18.12.15 or later to mitigate the threat. The discovery of this vulnerability follows the recent addition of another Apache OFBiz flaw [1], CVE-2024-32113 [1] [2], to the KEV catalog [1]; that earlier flaw was exploited to deploy the Mirai botnet [1]. CISA recommends updating Apache OFBiz systems to version 18.12.15 to mitigate the threat of potential breaches [1].

Conclusion

Organizations are urged to take immediate action to update their Apache OFBiz systems to version 18.12.15 or later to protect against the potential risks posed by the Incorrect Authorization Vulnerability. This proactive measure will help mitigate the threat of unauthorized access and remote code execution, safeguarding critical systems and data from exploitation.

References

[1] https://cybermaterial.com/cisa-adds-critical-apache-ofbiz-flaw-to-kev/
[2] https://thehackernews.com/2024/08/cisa-flags-critical-apache-ofbiz-flaw.html
[3] https://securityaffairs.com/167676/uncategorized/u-s-cisa-apache-ofbiz-known-exploited-vulnerabilities-catalog.html
[4] https://securityonline.info/cisa-warns-of-actively-exploited-apache-ofbiz-cve-2024-38856-vulnerability-poc-available/