The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability, CVE-2024-38856, affecting the Apache OFBiz open-source enterprise resource planning (ERP) system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability carries a CVSS score of 9.8 (critical severity) and is reportedly under active exploitation.
The flaw is an incorrect authorization vulnerability that allows remote code execution via a Groovy payload in the context of the OFBiz user process, meaning an unauthenticated attacker can execute arbitrary code on the affected server. The vulnerability first surfaced earlier this month when SonicWall highlighted it as a patch bypass for another flaw, CVE-2024-36104, which also enabled remote code execution through crafted requests.
Apache OFBiz has been under close scrutiny since CISA recently added another OFBiz vulnerability, CVE-2024-32113, to the KEV catalog, following reports that it had been exploited to deploy the Mirai botnet.
Although there are no public reports detailing how CVE-2024-38856 is being weaponized, proof-of-concept (PoC) exploits are already available, which suggests attackers can quickly turn such flaws against unpatched systems.
Organizations are strongly advised to update to Apache OFBiz version 18.12.15, which addresses the flaw. Federal Civilian Executive Branch (FCEB) agencies are required to apply the update by September 17, 2024.
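The practical first step for most teams is confirming which OFBiz instances are still below the fixed release. The script below is an added example, not code from the article or from the Apache OFBiz project: it compares OFBiz version strings against 18.12.15 component by component, treats a pre-release suffix such as `-SNAPSHOT` as older than the bare release, and flags hosts that need the upgrade. The inventory it runs over is constructed sample data; the hostnames and versions are made up.

```python
"""Flag Apache OFBiz instances still below the fixed release for CVE-2024-38856.

Added example, not part of the article or of the Apache OFBiz project.
Assumes an asset inventory of (hostname, version) pairs already exists;
the inventory below is constructed sample data.
"""
from __future__ import annotations

import re
from typing import NamedTuple

# Release that CISA and Apache point to as the fix for CVE-2024-38856.
FIXED_VERSION = "18.12.15"

# Numeric dotted components, optionally followed by "-<suffix>" (e.g. -SNAPSHOT).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\S+))?$")


def parse_version(text: str) -> tuple[tuple[int, ...], int]:
    """Return (numeric components, release flag).

    The release flag is 0 for a pre-release suffix and 1 for a bare release,
    so 18.12.15-SNAPSHOT sorts before 18.12.15.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OFBiz version string: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, 0 if m.group(2) else 1


def needs_upgrade(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is strictly older than the fixed release."""
    a_nums, a_rel = parse_version(version)
    b_nums, b_rel = parse_version(fixed)
    # Pad to equal length so 18.12.15 and 18.12.15.0 compare as equal.
    width = max(len(a_nums), len(b_nums))
    a = a_nums + (0,) * (width - len(a_nums))
    b = b_nums + (0,) * (width - len(b_nums))
    return (a, a_rel) < (b, b_rel)


class Host(NamedTuple):
    name: str
    version: str


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    Host("erp-prod-01.example.internal", "18.12.14"),
    Host("erp-prod-02.example.internal", "18.12.15"),
    Host("erp-stage.example.internal", "18.12.15-SNAPSHOT"),
    Host("erp-legacy.example.internal", "17.12.07"),
]


def exposed_hosts(inventory: list[Host]) -> list[str]:
    """Names of hosts whose OFBiz version is older than the fixed release."""
    return [h.name for h in inventory if needs_upgrade(h.version)]


if __name__ == "__main__":
    for name in exposed_hosts(SAMPLE_INVENTORY):
        print(f"{name}: upgrade to {FIXED_VERSION} (CVE-2024-38856)")
```

A version check like this is a triage aid, not proof of safety: it tells you which hosts cannot yet be on the fixed release, and hosts on older branches that never received the fix are flagged as well. Confirm the upgrade on the system itself before closing the finding.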
Staying vigilant and promptly applying security updates is crucial to defending against these evolving threats.
Sandhya Goswami
Sandhya is a contributing author at Cloudways, specializing in content promotion and performance analysis. With a strong analytical approach and a keen ability to leverage data-driven insights, Sandhya excels in measuring the success of organic marketing initiatives.