First published: Sun Aug 04 2024 (Updated: )
Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.
Credit: security@apache.org
Affected Software | Affected Version | How to fix
---|---|---
Apache OFBiz | < 18.12.15 | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CVE-2024-38856 is classified as a critical vulnerability due to its potential for remote code execution by an unauthenticated attacker.
To fix CVE-2024-38856, upgrade to Apache OFBiz version 18.12.15 or later.
CVE-2024-38856 is an incorrect authorization vulnerability that can lead to remote code execution.
CVE-2024-38856 affects all versions of Apache OFBiz prior to 18.12.15.
Yes, CVE-2024-38856 can be exploited remotely by an unauthenticated attacker.