A new critical vulnerability in Apache OFBiz has been uncovered - here's what you need to know

A new critical vulnerability in Apache OFBiz has been uncovered - here's what you need to know

Briefly

CVE-2024-38856, a pre-authentication remote code execution vulnerability, rated 9.8 on CVSS, affects Apache OFBiz versions up to 18.12.14.

ITProhttps://www.itpro.com/software/a-new-critical-vulnerability-in-apache-ofbiz-has-been-uncovered-heres-what-you-need-to-know

SonicWall team discovered the vulnerability by chaining endpoints without authentication in Apache OFBiz, despite a patch introduced earlier for path traversal attack vectors.

ITProhttps://www.itpro.com/software/a-new-critical-vulnerability-in-apache-ofbiz-has-been-uncovered-heres-what-you-need-to-know