The Information Highway

The Information Highway
Font size: +
  Print
2 minutes reading time (388 words)

Critical zero-day vulnerability in Apache OFBiz

108 Hits

Threat update

CVE-2024-38856 is a new Apache OFBiz ERP system critical zero-day vulnerability. If you are using this system, please continue reading to learn which steps you should take to mitigate your risk. 

Technical Detail and Additional Info

What is the threat?

Researchers who were analyzing a patch for a previously targeted vulnerability discovered this new critical vulnerability in Apache OFBiz. It gives unauthenticated users access to the system through remote code execution (RCE), posing a severe threat with a CVSS score of 9.8 out of 10. 

Why is it noteworthy?

Apache OFBiz offers a suite of features for automating and integrating various business processes, including accounting, human resources, customer relationship management, order management, manufacturing, and e-commerce. Many industries use Apache OFBiz as part of their software supply chain.

The issue stems from improper handling of endpoint requests. The authentication checks are only applied to one part of the request, while another part bypasses these checks. The vulnerability exploits the inconsistency between how the request URI and the overriding view URI are handled within the OFBiz system. While the request URI undergoes authentication checks, the overriding view URI, which directs to the final resource, does not. This discrepancy allows attackers to craft requests that circumvent authentication, potentially leading to unauthorized access and exploitation of critical endpoints. 

What is the exposure or risk?

This vulnerability gives unauthenticated users access to functionalities that is meant for logged-in users. Upon a successful exploitation, bad actors can deploy remote code execution, granting attackers the ability to execute arbitrary code on the affected system. 

What are the recommendations?

 LBT Technology Group recommends taking the following measures to mitigate your risk:

  • Apply appropriate updates provided by Apache to vulnerable systems immediately after appropriate testing.
  • Ensure network infrastructure is up to date.
  • Perform automated vulnerability scans of internal assets on a regular basis.
  • Manage default accounts on assets and software, including root, administrator, and other pre-configured vendor accounts.
  • Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain the department owner, review date, and purpose. Regularly review service accounts to ensure you have authorized all active accounts.

References

 For more in-depth information about the recommendations, please visit the following links:


If you have any questions, please contact LBT's Sales Engineer.


0
How do you feel about this post?
Happy (0)
Love (0)
Surprised (0)
Sad (0)
Angry (0)
Tags:
move block CVE -2024-38856 Apache OFBiz ERP system zero-day vulnerability system
US oil giant Halliburton confirms cyberattack behi...
Understanding email threats: The foundation of ema...

About the author

LBT Technology Group, LLC.

LBT Technology Group, LLC.

As we navigate our ever-evolving cyber society, LBT Technology Group believes providing comprehensive IT services to others is essential. As a Managed IT Services Provider (MSP), we are positioned to eliminate your pain points by optimizing your technology, mitigating your cyber security risk footprint, and improving your cyber resilence. The focus we place on reducing the presistent cyber security risks to the confidentiality, integrity, and availability of your information systems and our proficiency in restoring IT services in the event of a cyber attack or technology outage separates us from our competitors--WE SIMPLIFY YOUR IT EQUATION.
Author's recent posts
More posts from author

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Thursday, 19 September 2024

Captcha Image