Apache OFBiz Hit by Critical Zero-Day Vulnerability: Patch ASAP to Avoid Remote Code Execution Disaster
A zero-day vulnerability in Apache OFBiz (CVE-2024-38856) allows remote code execution without authentication. The flaw carries a CVSS score of 9.8 and affects versions prior to 18.12.15. SonicWall found that the override view functionality exposes critical endpoints to unauthenticated access, opening the door for threat actors.

Hot Take:
Another day, another zero-day! Looks like Apache OFBiz’s security is about as solid as a wet paper towel. Someone call IT, and maybe a therapist for the developers while you’re at it.
Key Points:
- New zero-day pre-authentication remote code execution vulnerability disclosed in Apache OFBiz.
- Tracked as CVE-2024-38856 with a CVSS score of 9.8 out of 10.
- Affects versions prior to 18.12.15.
- Flaw lies in the authentication mechanism, allowing unauthenticated access.
- Related to previously patched vulnerabilities CVE-2024-36104 and CVE-2024-32113.