Latest Cyber Security News

You are here: Home / General Cyber Security News / New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
August 6, 2024

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances.

Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


“The root cause of the vulnerability lies in a flaw in the authentication mechanism,” SonicWall, which discovered and reported the shortcoming, said in a statement.

Cybersecurity

“This flaw allows an unauthenticated user to access functionalities that generally require the user to be logged in, paving the way for remote code execution.”

CVE-2024-38856 is also a patch bypass for CVE-2024-36104, a path traversal vulnerability that was addressed in early June with the release of 18.12.14.

SonicWall described the flaw as residing in the override view functionality that exposes critical endpoints to unauthenticated threat actors, who could leverage it to achieve remote code execution via specially crafted requests.

“Unauthenticated access was allowed to the ProgramExport endpoint by chaining it with any other endpoints that do not require authentication by abusing the override view functionality,” security researcher Hasib Vhora said.

Cybersecurity

The development comes as another critical path traversal vulnerability in OFBiz that could result in remote code execution (CVE-2024-32113) has since come under active exploitation to deploy the Mirai botnet. It was patched in May 2024.

In December 2023, SonicWall also disclosed a then-zero-day flaw in the same software (CVE-2023-51467) that made it possible to bypass authentication protections. It was subsequently subjected to a large number of exploitation attempts.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *