CISA Issues Warning on Active Exploits of Apache OFBiz RCE Vulnerabilities

August 8, 2024

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has warned that two vulnerabilities are being actively exploited, one of which affects Apache OFBiz. Apache OFBiz (Open For Business) is a widely used open-source enterprise resource planning (ERP) system that bundles a set of business applications for running an organization's accounting, inventory, e-commerce and related functions. It is adopted across many industries and company sizes because it is flexible and free to deploy. The OFBiz flaw added to CISA's Known Exploited Vulnerabilities (KEV) catalog is CVE-2024-32113, a path traversal vulnerability affecting OFBiz versions prior to 18.12.13. Successful exploitation lets an unauthenticated attacker execute arbitrary commands on a vulnerable server. Under CISA's KEV process, federal civilian executive branch agencies have until August 28, 2024, to apply the vendor's update and mitigations or to stop using the product.

The second vulnerability added to KEV, with the same deadline, is CVE-2024-36971, an Android kernel zero-day that Google patched earlier in the week. The Apache OFBiz flaw, CVE-2024-32113, was fixed on May 8, 2024. By the end of May, security researchers had published full exploitation details showing how it could be used to drop malware and to pivot into other network segments. The root cause is a combination of weak input validation and mishandling of user-supplied data: the request URL is not normalized before the controller's security checks run, so directory traversal sequences such as ../ and ; path separators can be used to route a request past those checks to a handler it should not reach. Separately, the endpoint that executes user-supplied Groovy scripts relies on an incomplete blocklist that does not stop dangerous calls, so an attacker who reaches it can run arbitrary code.

After a security researcher known as 'Unam4' published details of exploiting this vulnerability on his blog, others used that write-up to build working exploits, which they subsequently posted on GitHub. As CISA warns of active exploitation of CVE-2024-32113, a newer vulnerability affecting more recent OFBiz releases was disclosed earlier this week. Tracked as CVE-2024-38856, it is a critical (CVSS score: 9.8) pre-authentication remote code execution flaw affecting Apache OFBiz versions up to and including 18.12.14. SonicWall published extensive technical details of CVE-2024-38856 on Monday, and several proof-of-concept exploits are already available on GitHub, so active exploitation is likely to follow soon. The issue is fixed in OFBiz 18.12.15, which should be the upgrade target for all users of the software; note that 18.12.13 and 18.12.14 address CVE-2024-32113 but remain exposed to CVE-2024-38856.
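The two practical questions a defender takes from the paragraphs above are whether any deployed OFBiz release is still exposed to either CVE, and whether the URL-mangling described (../ sequences and ; separators aimed at the control servlet) shows up in web server logs. The following Python script is an added example, not code from the article, CISA, or the OFBiz project. The log lines are constructed for illustration, the view names in them are placeholders rather than the endpoints used by the public exploits, and the version-to-CVE mapping is taken from the affected ranges stated in this article. It double-decodes the path before checking it (a filter that decodes only once misses %252e) and discards the legitimate ;jsessionid path parameter so it is not mistaken for an attack.

```python
import re
from urllib.parse import unquote

# Every OFBiz webapp exposes its control servlet under /<webapp>/control/ (e.g. /webtools/control/).
CONTROL_PATH = re.compile(r"^/[^/]+/control/")
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")
# Combined-log-format request line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic). "SomeView" is a placeholder target,
# not the endpoint used by the public exploits.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Aug/2024:10:01:12 +0000] "GET /webtools/control/main HTTP/1.1" 200 5120
10.0.0.5 - - [08/Aug/2024:10:01:40 +0000] "GET /webtools/control/main;jsessionid=ABC123 HTTP/1.1" 200 5120
10.0.0.7 - - [08/Aug/2024:10:02:45 +0000] "POST /webtools/control/login/../SomeView HTTP/1.1" 200 812
10.0.0.9 - - [08/Aug/2024:10:03:03 +0000] "GET /webtools/control/main;/SomeView HTTP/1.1" 200 990
10.0.0.11 - - [08/Aug/2024:10:04:10 +0000] "GET /webtools/control/%252e%252e/SomeView HTTP/1.1" 200 640
10.0.0.13 - - [08/Aug/2024:10:05:00 +0000] "GET /images/logo.png/../x HTTP/1.1" 404 0
"""


def normalize_path(raw_path):
    """Strip the query string, percent-decode twice (catches %252e double encoding),
    drop the legitimate Tomcat/OFBiz ;jsessionid path parameter so it does not trip
    the ';' check, and fold backslashes to forward slashes."""
    path = raw_path.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = re.sub(r";jsessionid=[^/;]*", "", path, flags=re.IGNORECASE)
    return path.replace("\\", "/")


def classify_path(raw_path):
    """Return the list of indicator names present in a request path."""
    path = normalize_path(raw_path)
    indicators = []
    if TRAVERSAL.search(path):
        indicators.append("dot-dot-traversal")
    if ";" in path:
        indicators.append("semicolon-in-path")
    return indicators


def scan_log(text):
    """Return one dict per suspicious request aimed at an OFBiz control servlet.
    Requests outside /<webapp>/control/ are ignored, since the article's issue is
    confined to the controller's handling of the path."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not CONTROL_PATH.match(m["path"]):
            continue
        indicators = classify_path(m["path"])
        if indicators:
            hits.append({"ip": m["ip"], "status": m["status"],
                         "path": m["path"], "indicators": indicators})
    return hits


VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def ofbiz_exposure(version):
    """Map an OFBiz release string to the CVEs from this article it is exposed to:
    CVE-2024-32113 affects releases before 18.12.13, CVE-2024-38856 affects releases
    up to and including 18.12.14; 18.12.15 fixes both."""
    m = VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised OFBiz version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    cves = []
    if v < (18, 12, 13):
        cves.append("CVE-2024-32113")
    if v < (18, 12, 15):
        cves.append("CVE-2024-38856")
    return cves


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
    for ver in ("18.12.12", "18.12.14", "18.12.15"):
        print(ver, ofbiz_exposure(ver) or "not affected by either CVE")
```

Run against the constructed log, the scan flags the three requests carrying a traversal or a bare semicolon and leaves the jsessionid request and the non-controller request alone. A 200 response on a flagged line is the detail worth escalating: the request reached a handler rather than being rejected. The exposure check treats any pre-18.12 release as affected by both CVEs, which matches the stated ranges, since every 17.x release predates 18.12.13.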
