Apache OFBiz: Current security patch repairs older patches
A recent patch for Apache OFBiz prevents security updates for older vulnerabilities from being bypassed.
Administrators running Apache OFBiz should update the Enterprise Resource Planning (ERP) system to the latest version. The latest security update closes a bypass of the patches for several older vulnerabilities.
Revised security update
OFBiz helps companies automate processes and provides a range of business applications. The Linux and Windows versions are affected by the vulnerability CVE-2024-45195 (rated "high"). Because the web application does not sufficiently check authorizations, attackers can gain access without logging in and execute malicious code. Security researchers at Rapid7 explain in an article in detail how this works.
According to the researchers, attackers can bypass the security updates for vulnerabilities patched earlier in 2024 (CVE-2024-32113, rated "critical"; CVE-2024-36104; CVE-2024-38856, rated "critical"). The bypass has now been assigned the identifier CVE-2024-45195, and the new, working security update closes these gaps.
Attacks
The first attacks on OFBiz, exploiting CVE-2024-32113, were reported back in August. Whether attacks are still ongoing is currently not known. To be protected against the problems described here, admins should ensure that OFBiz 18.12.16 is installed.
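For admins who operate several OFBiz instances, the following script (an added example, not code from the article or from the OFBiz project) triages an inventory of hosts and their installed OFBiz version strings against the fixed release 18.12.16 named above. It assumes that any release at or above 18.12.16 carries the fix; the host names and version strings in the sample inventory are constructed. Pre-release builds of the fixed version (for example a -SNAPSHOT) and unparsable strings are flagged for manual review rather than guessed at.

```python
import re
from typing import Dict, List, Optional, Tuple

# Release in which the patch bypass (CVE-2024-45195) was fixed, as stated
# in the article. Assumption: later releases keep the fix.
FIXED_VERSION = "18.12.16"

# major.minor.patch with an optional suffix such as "-SNAPSHOT"
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.](\S+))?$")


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], Optional[str]]]:
    """Return ((major, minor, patch), suffix) for strings like '18.12.16'
    or '18.12.16-SNAPSHOT'; None if the string does not look like a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1, 2, 3))
    return (nums[0], nums[1], nums[2]), m.group(4)


def is_patched(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if `version` is at or above the fixed release, False if below,
    None if it cannot be decided from the string (needs manual review)."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    nums, suffix = parsed
    fixed_nums, _ = parse_version(fixed)
    if nums < fixed_nums:
        # Also covers releases on older branches such as 17.12.x, which
        # are numerically below 18.12.16 and did not receive this fix.
        return False
    if nums == fixed_nums and suffix:
        # A pre-release build of the fixed version (e.g. 18.12.16-SNAPSHOT)
        # may or may not already contain the fix: do not guess.
        return None
    return True


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts into 'patched', 'unpatched' and 'unknown' (manual review)."""
    out: Dict[str, List[str]] = {"patched": [], "unpatched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        status = is_patched(version)
        if status is None:
            out["unknown"].append(host)
        elif status:
            out["patched"].append(host)
        else:
            out["unpatched"].append(host)
    return out


# Constructed sample inventory (hypothetical hosts and versions); in practice
# this would come from your deployment records or configuration management.
SAMPLE_INVENTORY = {
    "erp-prod-1": "18.12.16",
    "erp-prod-2": "18.12.15",
    "erp-stage": "18.12.16-SNAPSHOT",
    "erp-legacy": "17.12.11",
    "erp-test": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts listed as "unpatched" should be upgraded to 18.12.16; hosts listed as "unknown" need their actual build checked by hand before they are considered safe.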
(des)