Cyber Security Alert - Apache OFBiz Addresses Bypass of a Recently Disclosed Remote Code Execution Vulnerability Exploited in Attacks


Summary

On 04-Sep-2024, Apache released a security advisory to address an Apache OFBiz unauthenticated remote code execution vulnerability on Linux and Windows. If exploited, an unauthorised remote user can abuse missing view authorisation checks in the web application to execute arbitrary code on the server. The exploitation works by bypassing the earlier patches for CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856.

The vulnerabilities CVE-2024-32113 and CVE-2024-38856 were exploited in the wild and are listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog.

Apache OFBiz is an open-source enterprise resource planning (ERP) system. It provides a suite of enterprise applications designed to integrate and automate many business processes.

We strongly recommend that organisations running affected product versions upgrade to the latest supported software versions as soon as possible.

What is the Vulnerability?

We are providing the CVSS score and CVSS 3.x severity rating assigned by NIST at the time of disclosure.

·         CVE-2024-45195 – CVSS 7.5 HIGH - Apache OFBiz Unauthenticated Remote Code Execution Vulnerability – A Direct Request ('Forced Browsing') vulnerability in Apache OFBiz, caused by a controller-view map fragmentation issue, allows attackers to execute code or SQL queries, potentially leading to remote code execution without authentication.

Weakness Enumeration: CWE-425-Direct Request ('Forced Browsing')

The OFBiz security update also addresses CVE-2024-45507, described as a server-side request forgery (SSRF) and code injection vulnerability that requires user interaction to exploit.

What is Vulnerable?

·         Apache OFBiz

o   All versions before 18.12.16

What has been Observed?

The Rapid7 security researchers who discovered CVE-2024-45195 state that the previously disclosed vulnerabilities (CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856) are essentially the same issue, sharing the same root cause.

Recommendations

·         Review Apache OFBiz Security Vulnerabilities

·         Review Apache OFBiz 18.12.16 released

·         Identify the vulnerable product versions within your environment

o   If identified, upgrade to the fixed version

·         Refer to the 18.12.16 release notes
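As an added example that is not part of the advisory, the following Python script applies the "all versions before 18.12.16" rule from the What is Vulnerable section to an asset inventory, separating hosts that need the upgrade from entries whose version string cannot be parsed. The hostnames and version strings in the sample inventory are constructed for illustration.

```python
from typing import List, Tuple

# First OFBiz release that addresses CVE-2024-45195, per the advisory.
FIXED_VERSION = (18, 12, 16)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn an OFBiz release string such as '18.12.15' into a comparable tuple.

    A trailing label after '-' (e.g. '-SNAPSHOT') is ignored, so a snapshot
    build of 18.12.15 still compares as older than 18.12.16.
    Anything that is not dot-separated integers raises ValueError.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version_text: str) -> bool:
    """True when the version is older than the fixed release (tuple comparison)."""
    return parse_version(version_text) < FIXED_VERSION


def triage(inventory: List[Tuple[str, str]]):
    """Split an inventory of (host, version) pairs into affected and unparsable lists."""
    affected, unknown = [], []
    for host, version in inventory:
        try:
            if is_vulnerable(version):
                affected.append((host, version))
        except ValueError:
            # Unknown version is not "safe": surface it for manual follow-up.
            unknown.append((host, version))
    return affected, unknown


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("erp-prod-01", "18.12.15"),
    ("erp-prod-02", "18.12.16"),
    ("erp-legacy", "17.12.07"),
    ("erp-dev", "18.12.15-SNAPSHOT"),
    ("erp-unknown", "n/a"),
]

if __name__ == "__main__":
    affected, unknown = triage(SAMPLE_INVENTORY)
    for host, version in affected:
        print(f"UPGRADE {host}: {version} < 18.12.16")
    for host, version in unknown:
        print(f"CHECK   {host}: version {version!r} not recognised")
```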

Words of Estimative Probability (WEPs)

Certain words are used within intelligence products to convey analytical judgement regarding the probability of a development or event occurring. Our judgements are not factual statements; they reflect the best understanding of a scenario or situation at a point in time based on available information. The accompanying diagram shows the relationships between the estimative terms and how they correspond to approximate ranges of likelihood.
