jcondon
Staff
Article Id 344793
Description

Apache OFBiz is an open-source enterprise resource planning (ERP) system that provides business solutions to various industries. It includes tools to manage business operations such as customer relationships, order processing, human resource functions, and more. According to open sources, there are hundreds of companies worldwide that use Apache OFBiz.

CVE-2024-38856 is an Incorrect Authorization vulnerability, meaning that an unauthenticated user can reach functionality that should be restricted. The flaw was identified while analyzing the patch for CVE-2024-36104, which turned out to be an incomplete fix.

CVE-2024-36104 is a Path Traversal vulnerability in Apache OFBiz that exposes endpoints to unauthenticated users, who could leverage it to achieve remote code execution via specially crafted requests.

Scope

Both issues affect Apache OFBiz through 18.12.14. To date, Lacework has not observed successful exploitation of these vulnerabilities in the cloud environments we monitor.

Solution

Users should check their environments for vulnerable installations and upgrade them to Apache OFBiz version 18.12.15.
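The check-then-upgrade step above, as an added example (not Lacework's code or part of the original article): a small triage helper that classifies an inventory of OFBiz versions against the affected range stated here (through 18.12.14, fixed in 18.12.15). Hostnames and versions in the sample inventory are constructed; the comparison is numeric on purpose, since a plain string comparison would rank "18.12.9" above "18.12.14".

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected range stated in the advisory: Apache OFBiz through 18.12.14
# inclusive; 18.12.15 is the fixed release.
LAST_AFFECTED = (18, 12, 14)
FIXED = (18, 12, 15)

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Optional[Tuple[int, ...]]:
    """Turn '18.12.14' into (18, 12, 14). Returns None if the string does
    not start with a three-part numeric version, so callers can flag it."""
    m = _VERSION_RE.match(version)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def is_affected(version: str) -> Optional[bool]:
    """True if within the affected range, False if at or past the fix,
    None if the version cannot be parsed (treat as 'needs manual review').
    Tuples compare element by element, so 18.12.9 < 18.12.14 as intended."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed <= LAST_AFFECTED


def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hosts by status so the 'affected' list can be handed off for
    the upgrade to 18.12.15 and 'unknown' entries get a manual look."""
    groups: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in inventory:
        status = is_affected(version)
        key = "unknown" if status is None else ("affected" if status else "fixed")
        groups[key].append(host)
    return groups


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("erp-prod-01", "18.12.14"),   # last affected release
    ("erp-prod-02", "18.12.9"),    # older, also affected
    ("erp-stage-01", "18.12.15"),  # fixed release
    ("erp-legacy-01", "unknown"),  # version not recorded
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```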


How to Find these Vulnerabilities in Lacework

Search for these new CVEs in either the Container or Host Vulnerability pages.

Example: a screenshot of a Host Vulnerability page search result (image not reproduced here).

Detecting potential resulting exploits at run time

If this vulnerability is exploited and the attacker carries out post-exploitation actions, Lacework has a suite of detections for such attacker activity. These are delivered as composite alerts: correlated events that combine anomaly detection, threat intelligence, and signature-based methods.
