The Information Highway

The Information Highway

Font size: +
2 minutes reading time (388 words)

Critical zero-day vulnerability in Apache OFBiz

Threat update

CVE-2024-38856 is a new Apache OFBiz ERP system critical zero-day vulnerability. If you are using this system, please continue reading to learn which steps you should take to mitigate your risk. 

Technical Detail and Additional Info

What is the threat?

Researchers who were analyzing a patch for a previously targeted vulnerability discovered this new critical vulnerability in Apache OFBiz. It gives unauthenticated users access to the system through remote code execution (RCE), posing a severe threat with a CVSS score of 9.8 out of 10. 

Why is it noteworthy?

Apache OFBiz offers a suite of features for automating and integrating various business processes, including accounting, human resources, customer relationship management, order management, manufacturing, and e-commerce. Many industries use Apache OFBiz as part of their software supply chain.

The issue stems from improper handling of endpoint requests. The authentication checks are only applied to one part of the request, while another part bypasses these checks. The vulnerability exploits the inconsistency between how the request URI and the overriding view URI are handled within the OFBiz system. While the request URI undergoes authentication checks, the overriding view URI, which directs to the final resource, does not. This discrepancy allows attackers to craft requests that circumvent authentication, potentially leading to unauthorized access and exploitation of critical endpoints. 

What is the exposure or risk?

This vulnerability gives unauthenticated users access to functionalities that is meant for logged-in users. Upon a successful exploitation, bad actors can deploy remote code execution, granting attackers the ability to execute arbitrary code on the affected system. 

What are the recommendations?

 LBT Technology Group recommends taking the following measures to mitigate your risk:

  • Apply appropriate updates provided by Apache to vulnerable systems immediately after appropriate testing.
  • Ensure network infrastructure is up to date.
  • Perform automated vulnerability scans of internal assets on a regular basis.
  • Manage default accounts on assets and software, including root, administrator, and other pre-configured vendor accounts.
  • Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain the department owner, review date, and purpose. Regularly review service accounts to ensure you have authorized all active accounts.

References

US oil giant Halliburton confirms cyberattack behi...
Understanding email threats: The foundation of ema...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Saturday, 23 November 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023