InfoSecBulletin Cybersecurity for mankind
CISA issued a warning about a security flaw in Apache OFBiz, an ERP system. The vulnerability is being actively exploited and has been added to CISA’s Known Exploited Vulnerabilities catalog as CVE-2024-38856.
CVE-2024-38856 is a serious security flaw in Apache OFBiz. It allows attackers to run code on a remote server without authentication. To stay safe, organizations should update to Apache OFBiz version 18.12.15 or newer.
GitLab Patches Critical Authentication Bypass flaw
Ransomware hit Bangladeshi Globe Pharmaceuticals Ltd
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
CVE-2024-38856 is a vulnerability in Apache OFBiz’s authentication mechanism. It allows unauthorized users to access functions only meant for logged-in users. By exploiting this vulnerability, attackers can run any code on compromised systems, possibly gaining full control.
SonicWall found and reported a critical vulnerability, CVE-2024-38856, in Apache OFBiz’s override view feature. This flaw allows unauthenticated attackers to access important parts of the system by sending specific requests.
Cybersecurity researchers Zeyad Azima from SecureLayer7 and Youssef Muhammad have posted a proof-of-concept (PoC) exploit code for CVE-2024-38856 on GitHub. This makes it easier for attackers to use the vulnerability in their attacks.
CISA strongly recommends that all federal agencies and organizations using Apache OFBiz update their installations to version 18.12.15 or later by September 17, 2024. Failing to apply these updates could lead to attacks and severe consequences.
