Exploited: CISA Highlights Apache OFBiz Flaw After PoC Emerges

The vulnerability carries nearly the highest score possible on the CVSS scale, at 9.8, impacting a system used by major companies around the world.

[Kristina Beek, Associate Editor, Dark Reading](/author/kristinabeek)

August 29, 2024, 2 Min Read

[Image: A laptop on a counter with the Apache OFBiz logo on its screen. Source: tofino via Alamy Stock Photo]
CISA has [added a critical security flaw](https://www.cisa.gov/news-events/alerts/2024/08/27/cisa-adds-one-known-exploited-vulnerability-catalog) in the Apache OFBiz open source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catalog.

Apache OFBiz is a system that helps industries manage their operations, such as customer relations, human resource functions, order processing, and warehouse management. Roughly 170 companies use Apache OFBiz, 41% of them in the US. These include bigwigs such as United Airlines, Home Depot, and HP Development, among many others, according to the platform website.

Tracked as [CVE-2024-38856](https://www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce), the bug carries a score of 9.8 out of 10 on the CVSS vulnerability-severity scale, since it allows pre-authentication remote code execution (RCE). CISA's move comes after proof-of-concept (PoC) exploits were made available to the public following the flaw's disclosure in early August.

Organizations should update to version 18.12.15 to mitigate the threat. Federal Civilian Executive Branch (FCEB) agencies have been given a deadline of Sept. 17 to do so.

One Vulnerability Leads to Another
----------------------------------

CVE-2024-38856 was initially discovered earlier this month by researchers at SonicWall while they were analyzing a different RCE flaw in the platform, CVE-2024-36104.

CVE-2024-36104 allows remote attackers to access system directories because of inadequate validation of user requests. Specifically, the ControlServlet and RequestHandler functions receive different endpoints to process after receiving the same request. If functioning correctly, both should get the same endpoint to process.

While testing a patch for CVE-2024-36104, the researchers discovered the next flaw, CVE-2024-38856, which permits unauthenticated access by way of the ProgramExport endpoint. That endpoint could potentially enable arbitrary code execution and should be restricted.

Avoiding Exploitation
---------------------

In a blog post, the SonicWall researchers provided an example of an attack chain in which a threat actor could exploit CVE-2024-38856 by sending the following request as input and reading back the resulting output:

```http
POST /webtools/control/forgotPassword/ProgramExport HTTP/1.1

groovyProgram=throw new Exception('whoami'.execute().text);
```

Other URLs that can be used to exploit CVE-2024-36104 are:

* POST /webtools/control/forgotPassword/ProgramExport
* POST /webtools/control/showDateTime/ProgramExport
* POST /webtools/control/TestService/ProgramExport
* POST /webtools/control/view/ProgramExport
* POST /webtools/control/main/ProgramExport

This vulnerability impacts every version of Apache OFBiz up to 18.12.14, and there are no interim patches available; users and organizations must upgrade to the latest version to prevent potential exploitation of the flaw.

Failure to promptly upgrade could "enable threat actors to manipulate login parameters and execute arbitrary code on the target server," [according to researchers at Zscaler](https://www.zscaler.com/blogs/security-research/cve-2024-38856-pre-auth-rce-vulnerability-apache-ofbiz) who also analyzed the bug earlier this month, especially as attackers increasingly capitalize on publicly disclosed PoC exploits for vulnerabilities.
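A defender-side check built from the indicators in this article, added here as an example (it is not code from the article, from SonicWall, or from the OFBiz project): it scans constructed web-server access-log lines for requests to any `/webtools/control/<view>/ProgramExport` path, the shape shared by every URL listed above, and flags an installed OFBiz version as affected when it is below 18.12.15. The log lines, IP addresses and function names are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log sample (combined log format); not taken from the article.
SAMPLE_LOG = """\
203.0.113.10 - - [28/Aug/2024:10:01:02 +0000] "POST /webtools/control/forgotPassword/ProgramExport HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.7 - - [28/Aug/2024:10:01:05 +0000] "GET /webtools/control/main HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [28/Aug/2024:10:01:09 +0000] "POST /webtools/control/showDateTime/ProgramExport HTTP/1.1" 200 498 "-" "curl/8.4.0"
192.0.2.44 - - [28/Aug/2024:10:02:11 +0000] "POST /webtools/control/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [28/Aug/2024:10:02:30 +0000] "POST /webtools/control/view/ProgramExport HTTP/1.1" 500 0 "-" "python-requests/2.31"
"""

# Minimal parser for the client, timestamp, request line and status of a combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Every exploit URL in the article has the same shape: some view name under
# /webtools/control/ followed by the ProgramExport path segment.
PROGRAM_EXPORT_RE = re.compile(
    r'^/webtools/control/[^/?]+/ProgramExport(?:[/?].*)?$', re.IGNORECASE
)

def find_program_export_hits(log_text):
    """Return parsed records whose decoded request path matches the ProgramExport pattern."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of aborting the whole scan
        rec = m.groupdict()
        rec["path"] = unquote(rec["path"])  # normalise percent-encoding before matching
        if PROGRAM_EXPORT_RE.match(rec["path"]):
            hits.append(rec)
    return hits

def summarize_by_source(hits):
    """Count ProgramExport requests per client IP, the first pivot an analyst wants."""
    return Counter(h["ip"] for h in hits)

def is_version_affected(version):
    """Per the article, releases up to 18.12.14 are affected and 18.12.15 fixes it (plain dotted versions assumed)."""
    parts = tuple(int(p) for p in version.split("."))
    return parts < (18, 12, 15)

if __name__ == "__main__":
    hits = find_program_export_hits(SAMPLE_LOG)
    print("ProgramExport requests per source:", dict(summarize_by_source(hits)))
    print("OFBiz 18.12.14 affected:", is_version_affected("18.12.14"))
```

Point `find_program_export_hits` at a real access log and any non-zero result for a host still below 18.12.15 is a reason to treat that host as potentially compromised, not merely unpatched.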
