The problem affects all versions of the program before 18.12.15. You should not delay the update.
A new vulnerability has been discovered in Apache OFBiz that allows attackers to remotely execute code on vulnerable instances of the program. The issue, known as CVE-2024-38856, was rated 9.8 on the CVSS scale, which indicates its critical danger. Apache OFBiz instances released before version 18.12.15 are vulnerable.
SonicWall, which identified the vulnerability and reported it, noted that the cause of the problem lies in the authentication mechanism. This error allows unauthorized users to access functions that normally require logging in, opening the way for remote code execution.
CVE-2024-38856 is also a workaround for the CVE-2024-36104 vulnerability, which was fixed in June 2024 with the release of version 18.12.14. According to SonicWall representatives, the problem lies in the Override View function, which opens critical endpoints to unauthorized users, allowing them to execute remote code through specially formed requests.
Security researcher Haseeb Vora noted that access to the ProgramExport endpoint was provided without authentication, which allowed attackers to use any other endpoint that does not require authorization through the Override View function. Fortunately, the vulnerability was fixed in OFBiz version 18.12.15 using this commit on GitHub.
Although neither Apache representatives nor SonicWall researchers provided clear information about exploiting the vulnerability before it was discovered, they still marked it as a zero-day breach. This means that you need to upgrade to the secure version as soon as possible, since hackers already have a complete understanding of how to use the vulnerability in real attacks.
These events occur against the background of another critical vulnerability in OFBiz, CVE-2024-32113, which is already being actively exploited for the deployment of the Mirai botnet. A patch for this vulnerability was released in May 2024, but administrators are slow to roll out updates, making their infrastructure vulnerable.
In December 2023, SonicWall also reported another zero-day vulnerability in the same software (CVE-2023-51467), which allowed bypassing authentication protection. This vulnerability has also been subjected to numerous attempts to exploit by intruders.
Source
A new vulnerability has been discovered in Apache OFBiz that allows attackers to remotely execute code on vulnerable instances of the program. The issue, known as CVE-2024-38856, was rated 9.8 on the CVSS scale, which indicates its critical danger. Apache OFBiz instances released before version 18.12.15 are vulnerable.
SonicWall, which identified the vulnerability and reported it, noted that the cause of the problem lies in the authentication mechanism. This error allows unauthorized users to access functions that normally require logging in, opening the way for remote code execution.
CVE-2024-38856 is also a workaround for the CVE-2024-36104 vulnerability, which was fixed in June 2024 with the release of version 18.12.14. According to SonicWall representatives, the problem lies in the Override View function, which opens critical endpoints to unauthorized users, allowing them to execute remote code through specially formed requests.
Security researcher Haseeb Vora noted that access to the ProgramExport endpoint was provided without authentication, which allowed attackers to use any other endpoint that does not require authorization through the Override View function. Fortunately, the vulnerability was fixed in OFBiz version 18.12.15 using this commit on GitHub.
Although neither Apache representatives nor SonicWall researchers provided clear information about exploiting the vulnerability before it was discovered, they still marked it as a zero-day breach. This means that you need to upgrade to the secure version as soon as possible, since hackers already have a complete understanding of how to use the vulnerability in real attacks.
These events occur against the background of another critical vulnerability in OFBiz, CVE-2024-32113, which is already being actively exploited for the deployment of the Mirai botnet. A patch for this vulnerability was released in May 2024, but administrators are slow to roll out updates, making their infrastructure vulnerable.
In December 2023, SonicWall also reported another zero-day vulnerability in the same software (CVE-2023-51467), which allowed bypassing authentication protection. This vulnerability has also been subjected to numerous attempts to exploit by intruders.
Source
