Incorrect Authorization Vulnerability Affects Apache OFBiz Through 18.12.14
Key Information
- Vendor: Apache
- Product: Apache OFBiz
- CVE Published: 5 August 2024
Summary
CVE-2024-38856 in Apache OFBiz is a critical pre-authentication remote code execution vulnerability, disclosed as a zero-day, with a CVSS score of 9.8. It affects versions of Apache OFBiz prior to 18.12.15 and has been exploited in the wild. The flaw lies in the authentication mechanism: unauthenticated users can reach functionality that normally requires a logged-in user, which can lead to remote code execution. The vulnerability is a patch bypass for a previous flaw and could allow attackers to gain unauthorized access to, and control over, affected systems. Organizations are strongly recommended to upgrade to version 18.12.15 or newer to mitigate the risk. The potential impact of exploitation includes data theft, lateral movement by threat actors, and unauthorized access to highly privileged business processes. The vulnerability is particularly concerning because Apache OFBiz underpins many ERP projects and is known to be used by a number of well-known organizations.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-38856 as being exploited, although it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Apache OFBiz <= 18.12.14
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
CISA Flags Apache OFBiz Vulnerability (CVE-2024-38856)
CISA flags CVE-2024-38856 in Apache OFBiz as critical. Upgrade to version 18.12.15 to avoid exploitation risks. CVE-2024-36104 also affects earlier versions.
3 months ago
Vulnerability Recap 8/13/24: Windows, OpenSSH, Apache
It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been
3 months ago
Vulnerability Recap 8/12/24: Windows, OpenSSH, Apache
It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been
3 months ago
EPSS Score
93% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾 Exploit exists.
- 🔥 Vulnerability reached the number 1 worldwide trending spot.
- Vulnerability started trending.
- First article discovered by Help Net Security.
- Vulnerability published.
- Vulnerability reserved.