CVE-2024-38856: Apache OFBiz Incorrect Authorization Vulnerability

First published: Sun Aug 04 2024(Updated: )

Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.

Credit: security@apache.org security@apache.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/oss-sec
• source/oss-sec
• alias/CVE-2024-38856
• agent/first-publish-date
• agent/weakness
• agent/type
• agent/author
• collector/bleeping-computer
• source/BleepingComputer
• alias/CVE-2024-32113
• alias/CVE-2024-36971
• agent/remedy
• agent/description
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/severity
• collector/mitre-cve
• source/MITRE
• agent/title
• agent/last-modified-date
• collector/the-register
• source/The Register
• alias/CVE-2024-7029
• alias/CVE-2014-8361
• alias/CVE-2017-17215
• alias/CVE-2024-7965
• alias/CVE-2024-45195
• alias/CVE-2024-36104
• alias/CVE-2023-49070
• exploited/true
• collector/cisa-known-exploited
• source/CISA
• agent/references
• agent/softwarecombine
• agent/tags
• agent/event
• collector/nvd-cve
• vendor/apache
• canonical/apache ofbiz
• version/apache ofbiz/18.12.15