{"id":167676,"date":"2024-08-28T07:41:31","date_gmt":"2024-08-28T07:41:31","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=167676"},"modified":"2024-08-28T07:41:32","modified_gmt":"2024-08-28T07:41:32","slug":"u-s-cisa-apache-ofbiz-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/167676\/uncategorized\/u-s-cisa-apache-ofbiz-known-exploited-vulnerabilities-catalog.html","title":{"rendered":"U.S. CISA adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"
<\/div>\n

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog.<\/h2>\n\n\n\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added<\/a> Apache OFBiz Incorrect Authorization Vulnerability CVE-2024-38856<\/a> (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog<\/a>.<\/p>\n\n\n\n

The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions through 18.12.14, version 18.12.15 addressed the flaw.<\/p>\n\n\n\n

\u201cUnauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don\u2019t explicitly check user\u2019s permissions because they rely on the configuration of their endpoints).\u201d reads the advisory<\/a>.<\/em><\/p>\n\n\n\n

The security researcher Hasib Vhora from SonicWall reported the vulnerability CVE-2024-38856 along with other security experts.<\/p>\n\n\n\n

 \u201cThe SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856<\/a> with a CVSS score of 9.8. This is the second major flaw<\/a> SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023.\u201d wrote Vhora<\/strong><\/a>. \u201cThis time, a flaw in the override view functionality exposes critical endpoints to unauthenticated threat actors using a crafted request, paving the way for remote code execution. It affects Apache OFBiz versions up to 18.12.14, and users are strongly encouraged to upgrade their instances to version 18.12.15<\/a> or newer.\u201d<\/p>\n\n\n\n

The issue stems from a flaw in the authentication mechanism, which allows unauthenticated users to access features typically restricted to logged-in users, potentially leading to remote code execution.<\/p>\n\n\n\n

Apache OFBiz is an open-source ERP system that helps businesses automate and integrate various processes such as accounting, HR, CRM, order management, manufacturing, and e-commerce. It is used by hundreds of companies worldwide, with 41% in the U.S., 19% in India, 7% in Germany, 6% in France, and 5% in the U.K. Notable users include United Airlines, Atlassian JIRA, Home Depot, and HP.<\/p>\n\n\n\n

SonicWall is not aware of attacks in the wild exploiting this vulnerability, however it has developed IPS signature IPS:4455 to detect any active exploitation of this issue.<\/gwmw><\/gwmw><\/p>\n\n\n\n

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities<\/a>, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.<\/gwmw><\/gwmw><\/p>\n\n\n\n

Experts also recommend private organizations review the Catalog<\/a> and address the vulnerabilities in their infrastructure.<\/p>\n\n\n\n

CISA orders federal agencies to fix this vulnerability by\u00a0September 17, 2024.<\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/gwmw><\/gwmw><\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking,\u00a0CISA<\/a>)<\/strong><\/p>\n\n\n\n

<\/gwmw><\/gwmw><\/gwmw><\/p>\n\n\n\n

<\/gwmw><\/p>\n\n\n\n

<\/gwmw><\/p>\n\n\n\n

<\/gwmw><\/p>\n\n\n\n

<\/gwmw><\/p>\n","protected":false},"excerpt":{"rendered":"

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache OFBiz bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added Apache OFBiz Incorrect Authorization Vulnerability CVE-2024-38856 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions […]<\/p>\n","protected":false},"author":1,"featured_media":106349,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-167676","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"\n杭州江阴科强工业胶带有限公司