Apache Addresses Severe RCE Vulnerability in OFBiz with an Urgent Patch

 

In a recent release, the Apache OFBiz project developers have been working on a patch to fix a new critical flaw of software that can be exploited by unauthenticated attackers to execute arbitrary code on the server. Considering that attackers are likely to exploit this vulnerability in real-world attacks, users are advised to deploy the patch as soon as possible to avoid falling victim to this vulnerability.
There was a high-severity vulnerability identified as CVE-2024-45195 (CVSS score: 7.5) affecting Apache OFBiz, a popular open-source business enterprise resource planning (ERP) system that is adapted from Apache OFBiz.

In the field of enterprise process automation, Apache OFBiz® from the Apache Software Foundation consists of framework components and applications as well as a business process automation framework. 

This vulnerability is caused by Apache’s OFBiz implementation of Direct Request (‘Forced Browsing’). It has been found that all versions of the software before 18.12.16 are affected by this bug.

The project maintainers have been working on CVE-2024-45195 for several months now to prevent the occurrence of a severe sequence of vulnerabilities, CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856, which were already addressed by the project maintainers previously. 

CVE-2024-32113 and CVE-2024-38856, both of which appear to be exploited actively in the wild and the forme

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: