CISA adds Apache OFBiz Vulnerability CVE-2024-38856 to KEV Catalog

CISA adds Apache OFBiz Vulnerability CVE-2024-38856 to KEV Catalog


The U.S. CISA adds Apache OFBiz vulnerability to its KEV catalog following the mass exploitation

CVE-2024-38856 : Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker

The agency set September 17, 2024, as a deadline for all the federal agencies to remediate the vulnerability

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.