Critical security vulnerability threatens Apache OFBiz enterprise software
Attackers can target systems running Apache OFBiz and execute their own code. A patched version is available for download.
Under certain circumstances, attackers can exploit a security vulnerability in Apache OFBiz that is rated "critical".
OFBiz is open-source enterprise resource planning (ERP) software that, among other things, helps automate business processes.
Critical vulnerability
In the security section of their website, the developers state that the vulnerability has been closed in version 18.12.15; all earlier versions are said to be vulnerable. Little information on the vulnerability (CVE-2024-38856) is available so far. A Seclists post indicates that an authentication error can allow attackers to execute their own code.
Given the critical rating, it can be assumed that systems are considered fully compromised after a successful malicious-code attack. Whether attacks have already taken place is currently unknown.
(des)