Actively Targeted Zero-day
FortiGuard Labs continues to observe attack attempts targeting the recent Apache OFBiz vulnerabilities (CVE-2024-38856, CVE-2024-45195 and CVE-2024-36104), which threat actors can exploit through maliciously crafted unauthorized requests, leading to remote code execution.
Common Vulnerabilities and Exposures
Background
Apache OFBiz is an open-source enterprise resource planning (ERP) system that provides business solutions to various industries. It includes tools to manage business operations such as customer relationships, order processing, human resource functions, and more. According to open sources, there are hundreds of companies worldwide that use Apache OFBiz.
CVE-2024-38856 is an Incorrect Authorization vulnerability, meaning that an unauthenticated user can access restricted functionalities. This flaw was identified while analyzing the patch for CVE-2024-36104, which was an incomplete fix.
CVE-2024-36104 is a Path Traversal vulnerability in Apache OFBiz that exposes endpoints to unauthenticated users, who could leverage it to achieve remote code execution via specially crafted requests.
CVE-2024-45195 is a Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. It affects Apache OFBiz versions before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
Latest Development
Recent news and incidents related to cybersecurity threats, encompassing events such as data breaches, cyber-attacks, security incidents, and newly discovered vulnerabilities.
FortiGuard Labs recommends that users of Apache OFBiz upgrade to version 18.12.16 or later to mitigate these security vulnerabilities, including the latest one (CVE-2024-45195).
- February 04, 2025: CISA added the Apache OFBiz Forced Browsing Vulnerability (CVE-2024-45195) to its Known Exploited Vulnerabilities (KEV) catalog.
- September 04, 2024: Apache OFBiz advisory published for CVE-2024-45195, which bypasses the previous patches for CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856. https://issues.apache.org/jira/browse/OFBIZ-13130
- August 27, 2024: CISA added the Apache OFBiz Incorrect Authorization Vulnerability (CVE-2024-38856) to its Known Exploited Vulnerabilities (KEV) catalog. https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- August 05, 2024: Researchers at SonicWall discovered the Apache OFBiz zero-day vulnerability CVE-2024-38856. https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/
- June 03, 2024: CVE-2024-36104 was disclosed on the oss-security mailing list. https://www.openwall.com/lists/oss-security/2024/06/03/1
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- IPS
- Web App Security
- IOC
- Outbreak Detection
- Threat Hunting
- Cloud Threat Detection
- Playbook
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Attack Surface Hardening
- Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events, including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware, and related vulnerabilities.
References
Sources of information related to this outbreak and the affected vendor.