The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an announcement on Tuesday highlighting a severe security issue affecting the Apache OFBiz open-source enterprise resource planning (ERP) system, adding it to its Known Exploited Vulnerabilities (KEV) database due to confirmed cases of ongoing exploitation.
The identified vulnerability, indexed as CVE-2024-38856, has been assigned a CVSS score of 9.8, indicating a severe level of criticality.
“Apache OFBiz includes an incorrect authorization vulnerability, enabling potential remote code execution through a Groovy payload within the OFBiz user process by an unauthorized party,” as stated by CISA.
Further details on this vulnerability emerged earlier in the month, when SonicWall described it as a bypass of the patch for another vulnerability, CVE-2024-36104, which allowed remote code execution via specially crafted requests.
“A defect in the override view functionality exposes crucial endpoints to unauthorized threat actors leveraging a tailored request, paving the way for remote code execution,” detailed SonicWall researcher Hasib Vhora in a statement.
This development follows three weeks after CISA incorporated another Apache OFBiz vulnerability (CVE-2024-32113) into the KEV database, prompted by reports of its application in deploying the Mirai botnet.
While no public details are available on the exploitation tactics used against CVE-2024-38856, proof-of-concept (PoC) exploits have been shared publicly.

Exploitation of two Apache OFBiz vulnerabilities in quick succession underscores how closely threat actors track newly disclosed flaws and how quickly they move to weaponize them against unpatched systems.
Entities are strongly advised to update to version 18.12.15 as a preventative measure against this threat. Federal Civilian Executive Branch (FCEB) organizations have been directed to implement the necessary updates by September 17, 2024.
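A defender's first step is usually to find which OFBiz instances in an inventory are still below the fixed release. The script below is an added example, not code from CISA, SonicWall or the Apache OFBiz project; it assumes you already have a host-to-version mapping (the inventory here is constructed for illustration) and compares versions numerically, because a plain string comparison would wrongly rank 18.12.9 above 18.12.15. The fixed version 18.12.15 and the September 17, 2024 FCEB due date come from the article.

```python
import re
from datetime import date

FIXED_VERSION = "18.12.15"          # first release without CVE-2024-38856 (from the advisory)
FCEB_DEADLINE = date(2024, 9, 17)   # CISA KEV remediation due date for FCEB agencies

# Constructed sample inventory (hostname -> reported OFBiz version); not real hosts.
INVENTORY = {
    "erp-prod-01": "18.12.14",
    "erp-stage": "18.12.15",
    "erp-legacy": "18.12.9",
    "erp-new": "18.12.16-SNAPSHOT",
}


def parse_version(version: str) -> tuple:
    """Turn '18.12.14' or '18.12.16-SNAPSHOT' into a tuple of ints.

    Only the numeric dotted part before any '-' qualifier is used, so
    comparison is numeric per component rather than lexicographic.
    """
    numeric_part = version.split("-", 1)[0]
    return tuple(int(n) for n in re.findall(r"\d+", numeric_part))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the reported version is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory: dict, today_iso: str) -> dict:
    """Return the hosts still needing the update and whether the KEV due date has passed.

    today_iso is an ISO date string (e.g. '2024-09-01') so the check can be
    replayed against any reference date.
    """
    today = date.fromisoformat(today_iso)
    needs_update = [host for host, ver in inventory.items() if is_vulnerable(ver)]
    return {
        "needs_update": needs_update,
        "past_deadline": today > FCEB_DEADLINE,
        "days_to_deadline": (FCEB_DEADLINE - today).days,
    }


if __name__ == "__main__":
    report = triage(INVENTORY, date.today().isoformat())
    for host in report["needs_update"]:
        print(f"{host}: OFBiz {INVENTORY[host]} < {FIXED_VERSION}, update required")
    if report["past_deadline"]:
        print("FCEB remediation deadline has passed")
```

Feed `triage` the version strings reported by your own asset inventory; the 18.12.9 entry is the case that a naive string comparison would miss.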