Apache Zero-Day Allows Remote Code Execution

August 6, 2024

A critical zero-day vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system, has been identified, allowing unauthenticated attackers to execute arbitrary code remotely. Tracked as CVE-2024-38856, this high-severity flaw has a CVSS score of 9.8 and impacts all versions of Apache OFBiz up to and including 18.12.14. The vulnerability was uncovered by SonicWall’s Capture Labs threat research team and results from a flaw in the override view functionality, which exposes sensitive endpoints to attackers who can exploit specially crafted requests to gain unauthorized access and execute code.

Apache OFBiz is widely utilized by organizations for managing various business functions, including accounting, human resources, customer relationship management, and e-commerce. With approximately 170 companies using the software, including notable names like United Airlines, Atlassian JIRA, Home Depot, HP, and Upwork, the vulnerability poses a significant risk to a broad range of enterprise environments. The flaw was discovered while researchers were analyzing a previously patched vulnerability (CVE-2024-36104); the analysis revealed that certain request manipulations could bypass authentication checks and access restricted endpoints.

Following the responsible disclosure of the vulnerability by SonicWall, the Apache OFBiz team acted swiftly to develop and release a patch. Users are strongly encouraged to upgrade their installations to version 18.12.15 or newer to address this critical security issue and protect their systems from potential exploitation. The quick response underscores the importance of maintaining up-to-date security practices and promptly addressing vulnerabilities in critical business software.

Although there is currently no evidence of active exploitation of CVE-2024-38856 in the wild, the critical nature of the vulnerability and its potential impact on widely used enterprise software make immediate action imperative. The discovery and patching of this vulnerability mark SonicWall’s second significant finding in Apache OFBiz within recent months, following another critical flaw identified in December 2023. This highlights the ongoing need for rigorous security assessments and timely updates to safeguard against emerging threats.

Reference:

  • Apache OFBiz Zero-Day Vulnerability Allows Unauthenticated Remote Code Execution