CVERadar

CVE-2024-38856

Critical Severity
Apache
SVRS: 94/100
CVSSv3: 9.8/10
EPSS: 0.94366/1

CVE-2024-38856 is an Incorrect Authorization vulnerability in Apache OFBiz, potentially allowing unauthorized access. This flaw affects versions up to 18.12.14, and users should upgrade to 18.12.15 immediately. Unauthenticated endpoints may permit the execution of screen rendering code under specific preconditions, bypassing intended access controls. With a SOCRadar Vulnerability Risk Score (SVRS) of 94, this vulnerability is considered critical, demanding immediate attention. The high SVRS is due to the existence of active exploits in the wild and its listing in the CISA KEV catalog, making this CVE highly dangerous. Exploitation could lead to severe data breaches and system compromise, making remediation a top security priority for organizations using affected Apache OFBiz versions.

In The Wild
Exploit Available
CISA KEV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-08-05

2024-12-20
SOCRadar AI Insight

Description:

CVE-2024-38856 is an Incorrect Authorization vulnerability in Apache OFBiz, affecting versions through 18.12.14. Unauthenticated endpoints could allow execution of screen rendering code if certain preconditions are met.

Key Insights:

  • SVRS Score: 42, indicating a moderate risk.
  • Exploit Status: Active exploits have been published.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability and called for immediate remediation.
  • In The Wild: The vulnerability is actively exploited by attackers.

Mitigation Strategies:

  • Upgrade to Apache OFBiz version 18.12.15 or later.
  • Implement access controls to restrict unauthorized access to vulnerable endpoints.
  • Monitor logs for suspicious activity and investigate any unauthorized access attempts.
  • Consider using a web application firewall (WAF) to block malicious requests.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Apache OFBiz Incorrect Authorization Vulnerability | https://www.cisa.gov/search?g=CVE-2024-38856 | 2024-08-27
securelayer7/CVE-2024-38856_Scanner | https://github.com/securelayer7/CVE-2024-38856_Scanner | 2024-08-08
Praison001/CVE-2024-38856-ApacheOfBiz | https://github.com/Praison001/CVE-2024-38856-ApacheOfBiz | 2024-08-18
codeb0ss/CVE-2024-38856-PoC | https://github.com/codeb0ss/CVE-2024-38856-PoC | 2024-08-09
Disseminator/Poc_CVE-2024-38856 | https://github.com/Disseminator/Poc_CVE-2024-38856 | 2024-08-05
0x20c/CVE-2024-38856-EXP | https://github.com/0x20c/CVE-2024-38856-EXP | 2024-08-22

News

ISC StormCast for Wednesday, August 28th, 2024
Dr. Johannes B. Ullrich, 2024-08-28, sans.edu
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Why Python; OFBiz Update; Versa Directory Exploit; Chrome Exploit; SGX Key Leak. Why is Python so Popular to Infect Windows Hosts https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208 OFBiz Vulnerability Update https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://nvd.nist.gov/vuln/detail/CVE-2024-38856 Versa Directory Vulnerability Exploited

New critical Apache OFBiz vulnerability patched as older flaw is actively exploited - CSO Online
2024-08-05, google.com
Researchers discovered a new RCE flaw while analyzing the patch for a different flaw currently targeted by attackers. As the fifth critical flaw this year for the ERP framework, users are urged to update ASAP. Researchers warn of a new critical vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system and framework. The flaw potentially allows for remote code execution (RCE) without authentication and was patched shortly after news that another vulnerability fixed back in May is being exploited in the

CISA warns about actively exploited Apache OFBiz RCE flaw - BleepingComputer
2024-08-08, google.com
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a popular open-source enterprise resource planning (ERP) system that provides a suite of business applications to manage various aspects of an organization. Due to its versatility and cost-effectiveness, it's used in a wide range of industries and business sizes. The flaw added to CISA's Known Exploited Vulnerability Catalog (KEV) is CVE-2024-32113, a path traversal vulnerability

Second Apache OFBiz Vulnerability Exploited in Attacks - SecurityWeek
2024-08-28, google.com
The US cybersecurity agency CISA on Tuesday added a second Apache OFBiz flaw to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, tracked as CVE-2024-38856, has been described as an incorrect authorization issue that can allow unauthenticated endpoints to execute screen rendering code under certain conditions. Apache OFBiz versions through 18.12.14 are impacted, and version 18.12.15 includes a fix. SonicWall, whose researchers discovered the vulnerability, described it as a critical issue that can allow unauthenticated remote code execution. Proof-of-concept (PoC) exploits targeting CVE-2024-38856 started

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports - The Hacker News
2024-08-28, google.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity. "Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated

Data Breaches Digest - Week 35 2024
Dunkie ([email protected]), 2024-11-01, dbdigest.com
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 26th August and 1st September 2024. 1st September

New critical Apache OFBiz vulnerability patched as older flaw is actively exploited - CSO Online
2024-08-05, google.com
Researchers warn of a new critical vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system and framework. The flaw potentially allows for remote code execution (RCE) without authentication and was patched shortly after news that another vulnerability fixed back in May is being exploited in the wild. The new vulnerability, tracked as CVE-2024-38856, was discovered by researchers from SonicWall and is rated critical. It impacts Apache OFBiz versions up to 18.12.14 and was patched in version 18.12.15 released on

Social Media

CVE-2024-38856 – Apache Ofbiz RCE https://t.co/2VR2xMpUZ8

CVE-2024-38856 and CVE-2024-45195 – Apache OFBiz Security Vulnerabilities – August 2024: Critical Security Vulnerabilities (CVE-2024-38856 and CVE-2024-45195) in Apache OFBiz Expose Enterprise Systems to Potential Data Breaches and Disruption of Critical… https://t.co/nzva594HXj https://t.co/J8qS2bT2zS

csirt_it: #Apache: active exploitation in the wild of CVE-2024-38856, relating to #OFBiz, has been detected ⚠️ If not already done, prompt updating of the affected software is recommended https://t.co/Au2Zm93hLl

CVE-2024-38856 vulnerability in Apache OFBiz is being actively exploited and added to CISA's Known Exploited Vulnerabilities catalog. Stay informed: https://t.co/0wEckygWvQ #CyberSecurity #ThreatIntelligence #DarkWebMonitoring #AttackSurfaceManagement #VulnerabilityManagement https://t.co/jgmcQrq9gL

The vulnerability, known as CVE-2024-38856, carries a CVSS score of 9.8, indicating critical severity. https://t.co/8fTKrn7uep

CISA flags critical Apache OFBiz flaw (CVE-2024-38856) with a CVSS score of 9.8 amid active exploitation reports. #cybersecurity #technews #cisa #vulnerability

#CVE-2024-38856 affects #Apache #OFBiz (v18.12.14), allows unauthorized remote code execution, potentially giving attackers full system control. Upgrade to version 18.12.15 ASAP! Learn more: https://t.co/oaLCqttexb #CyberSecurity #ApacheOFBiz #Vulnerability #RCE https://t.co/2Y3uwCiFzZ

🚨 New #CISA #KEV Entry: Apache | OFBiz | CVE-2024-38856. Apache #OFBiz has an incorrect authorization vulnerability allowing remote code execution via a Groovy payload by an unauthenticated attacker. Potential for serious exploitation. #Apache #Vulnerability #RCE #CVE202438856

🆕🆕🆕 Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856) 🔗Learn more here: https://t.co/lPGS56rRIW https://t.co/pZo8d0nela

Actively exploited CVE : CVE-2024-38856

Affected Software

Configuration 1
Type | Vendor | Product
App | Apache | ofbiz

References

Reference | Link
[email protected] | https://issues.apache.org/jira/browse/OFBIZ-13128
[email protected] | https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w
[email protected] | https://ofbiz.apache.org/download.html
[email protected] | https://ofbiz.apache.org/security.html
AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/08/04/1

CWE Details

CWE ID | CWE Name | Description
CWE-863 | Incorrect Authorization | The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
