Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution vulnerability

Severity: Zero day

Date of Publish: 06,Aug’24

Affected System:

Apache OFBiz: through 18.12.14

Summary

Apache OFBiz open-source enterprise resource planning ERP Allows Remote Code Execution vulnerability

Description

a zero-day pre-authentication remote code execution vulnerability was identified in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow remote attacker to execute arbitrary code in the affected systems.

Recommendations /Solutions

upgrade to version 18.12.15

Vendor Referene:

https://issues.apache.org/jira/browse/OFBIZ-13128
https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w
https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html

CVE:

CVE-2024-38856

NOTE : The information is provide is on “as is “ basis, without assurance of any kind .

Revision history

1. 06-Aug-24 – First advisory released. —update -update version avaible

About The Author

Gaurav Srivastava

15+ years of commended experience in performance in vulnerability assessment and Penetration testing, perform DAST, SAST and SCA scan Application security of web application, OWASP Testing Framework/Application security controls. Testing of webservices, source code analysis, vulnerability patch management .ISO 27001:2005 security audits of function and projects.

See author's posts

Date of Publish: 06,Aug’24

Affected System:

Summary

Description

Recommendations /Solutions

Vendor Referene:

CVE:

NOTE : The information is provide is on “as is “ basis, without assurance of any kind .

Revision history

1. 06-Aug-24 – First advisory released. —update -update version avaible

About The Author

More Stories

You may have missed

About Us

Visitor Counter

Recent Posts

Categories

Use-full Links