CISA issued a warning about a security flaw in Apache OFBiz, an ERP system. The vulnerability is being actively exploited and has been added to CISA’s Known Exploited Vulnerabilities catalog as CVE-2024-38856.
CVE-2024-38856 is a serious security flaw in Apache OFBiz. It allows attackers to run code on a remote server without authentication. To stay safe, organizations should update to Apache OFBiz version 18.12.15 or newer.
By infosecbulletin
/ Wednesday , June 4 2025
IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
By infosecbulletin
/ Wednesday , June 4 2025
As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
By infosecbulletin
/ Tuesday , June 3 2025
In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
By infosecbulletin
/ Tuesday , June 3 2025
Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
By infosecbulletin
/ Monday , June 2 2025
Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
By infosecbulletin
/ Sunday , June 1 2025
A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
By infosecbulletin
/ Sunday , June 1 2025
CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
By infosecbulletin
/ Saturday , May 31 2025
The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
By infosecbulletin
/ Saturday , May 31 2025
New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
By infosecbulletin
/ Saturday , May 31 2025
Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
CVE-2024-38856 is a vulnerability in Apache OFBiz’s authentication mechanism. It allows unauthorized users to access functions only meant for logged-in users. By exploiting this vulnerability, attackers can run any code on compromised systems, possibly gaining full control.
SonicWall found and reported a critical vulnerability, CVE-2024-38856, in Apache OFBiz’s override view feature. This flaw allows unauthenticated attackers to access important parts of the system by sending specific requests.
Cybersecurity researchers Zeyad Azima from SecureLayer7 and Youssef Muhammad have posted a proof-of-concept (PoC) exploit code for CVE-2024-38856 on GitHub. This makes it easier for attackers to use the vulnerability in their attacks.
CISA strongly recommends that all federal agencies and organizations using Apache OFBiz update their installations to version 18.12.15 or later by September 17, 2024. Failing to apply these updates could lead to attacks and severe consequences.