Active Exploitation of Critical Apache OFBiz Vulnerabilities
12 August 2024
The Apache Software Foundation has released security updates to address two critical vulnerabilities (CVE-2024-32113 & CVE-2024-38856) in Apache OFBiz, an open-source enterprise resource planning system that provides a suite of business applications to manage various aspects of an organisation. Both vulnerabilities have a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10 and are reportedly being actively exploited.
Successful exploitation of the vulnerabilities may allow an unauthenticated attacker to perform remote code execution (RCE) on vulnerable servers.
CVE-2024-32113 affects all Apache OFBiz versions before 18.12.13, and CVE-2024-38856 affects all Apache OFBiz versions before 18.12.14.
Users and administrators of affected product versions are advised to update to the latest version immediately.
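The following added example (not part of the original advisory) triages an inventory of OFBiz deployments against the two fixed-in versions stated above, comparing versions numerically so that 18.12.9 is not mistaken for being newer than 18.12.13. The host names and version strings are constructed sample data, and the assumption is that each deployment's version is available as a dotted numeric string.

```python
import re

# Fixed-in versions as stated in the advisory.
FIXED_IN = {
    "CVE-2024-32113": (18, 12, 13),
    "CVE-2024-38856": (18, 12, 14),
}

def parse_version(text):
    """Return the first dotted version in text as a tuple of ints, or None."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        return None
    parts = [int(p) for p in match.group(0).split(".")]
    # Pad to three components so "18.12" compares as 18.12.0.
    return tuple(parts + [0] * (3 - len(parts)))

def affected_cves(version_text):
    """CVEs from the advisory that apply to this version; None if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return None
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)

def triage(inventory):
    """Map each host to 'patched', 'unknown', or a comma-separated CVE list."""
    report = {}
    for host, version_text in inventory:
        cves = affected_cves(version_text)
        if cves is None:
            report[host] = "unknown"  # needs manual verification
        elif cves:
            report[host] = ", ".join(cves)
        else:
            report[host] = "patched"
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("erp-01", "18.12.9"),
    ("erp-02", "18.12.13"),
    ("erp-03", "apache-ofbiz-18.12.14"),
    ("erp-04", "not recorded"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A host on 18.12.13 is still reported as affected by CVE-2024-38856, and a host whose version cannot be parsed is flagged for manual verification rather than assumed patched.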
More information is available here: