Incorrect Authorization Vulnerability Affects Apache OFBiz Through 18.12.14

CVE-2024-38856
9.8 CRITICAL

Key Information

Vendor: Apache
Product: Apache OFBiz
CVE Published: 5 August 2024

Badges

🔥 No. 1 Trending · 😄 Trended · 👾 Exploit Exists · 🔴 Public PoC · 🟣 EPSS 93% · 📰 News Worthy

Summary

CVE-2024-38856 in Apache OFBiz is a critical zero-day pre-authentication remote code execution vulnerability with a CVSS score of 9.8. It affects Apache OFBiz versions prior to 18.12.15 and has been exploited in the wild. The flaw lies in the authentication mechanism: unauthenticated users can reach functionality that normally requires a logged-in user, which can lead to remote code execution. The vulnerability is a patch bypass for a previous flaw and could allow attackers to gain unauthorized access to and control over affected systems. Organizations are strongly recommended to upgrade to version 18.12.15 or newer to mitigate the risk. The potential impact of exploitation includes data theft, lateral movement by threat actors, and unauthorized access to highly privileged business processes. This vulnerability is particularly concerning because Apache OFBiz is used in many ERP projects and is known to be deployed by a number of well-known organizations.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-38856 as being exploited, but it is not known to CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Apache OFBiz <= 18.12.14

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit exists.

  • 🔥 Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by Help Net Security.

  • Vulnerability published.

  • Vulnerability reserved.

Collectors

NVD Database · Mitre Database · CISA Database · 4 Proof of Concept(s) · 10 News Article(s)

Credit

unam4
ruozhi
m1sn0w
kuiplatain
PaperPen@Timeline Sec
RacerZ
e0mlja
Donghyun
4ra1n
godspeed
Hasib Vhora
pwnull
blckder02-YHLab
Xenc from SGLAB of Legendsec at Qi'anxin Group
Nicholas Zubrisky
Y4tacker