The vulnerability, which has a CVSS score of 9.8 out of 10, was identified by SonicWall. The flaw stems from a weakness in the authentication mechanism of Apache OFBiz that lets unauthenticated users reach functionality normally restricted to authenticated users. This access can be leveraged to execute arbitrary code, potentially compromising sensitive business operations and data.
Despite the release of a patch for this vulnerability in Apache OFBiz version 18.12.15, threat actors have been observed actively attempting to exploit unpatched systems. The vulnerability also bypasses the fix for a previously patched path traversal vulnerability (CVE-2024-36104), which underlines the need to apply the latest updates without delay.
Organizations running Apache OFBiz are strongly advised to update to the latest version to mitigate the risk of exploitation. Cybersecurity experts emphasize the importance of keeping security patches current and conducting regular security assessments to protect against high-severity threats of this kind.
Source: The Hacker News
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.