Description
OFBiz has an authentication bypass vulnerability leading to remote code execution (RCE). An attacker can bypass authentication with a specially crafted HTTP request and gain full access to the system.
Remediation
Upgrade to the latest version of OFBiz.
References
[SECURITY] (CVE-2024-32113) Path traversal leading to RCE
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Related Vulnerabilities
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31986)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-7060)
Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.18)
WordPress Plugin YITH WooCommerce Authorize.net Payment Gateway Security Bypass (1.1.12)
Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2012-1160)