
The U.S. CISA adds Apache OFBiz vulnerability to its KEV catalog following the mass exploitation
CVE-2024-38856 : Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker
The agency set September 17, 2024, as a deadline for all the federal agencies to remediate the vulnerability


