Apache OfBiz – TheCyberThrone

CISA KEV Catalog Update Part I – February 2025

The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalog on February 4, 2025, adding four new vulnerabilities that have been actively exploited in the…

PravinKarthik February 5, 2025

Apache OFBiz Vulnerability CVE-2024-45195 actively exploited

Apache OFBiz has got a security update for a flaw CVE-2024-45195 with a CVSS score of 7.5 that allows attackers to bypass authorization checks and execute arbitrary code on the…

PravinKarthik September 13, 2024

CISA adds Apache OFBiz Vulnerability CVE-2024-38856 to KEV Catalog

The U.S. CISA adds Apache OFBiz vulnerability to its KEV catalog following the mass exploitation CVE-2024-38856 : Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect authorization vulnerability that…

PravinKarthik August 28, 2024

Apache OFBiz fixes CVE-2024-38856

Apache OFBiz has released an urgent security advisory due to the potential for unauthorized code execution. The vulnerability tracked as CVE-2024-38856 stems into an incorrect authorization handling within Apache OFBiz…

PravinKarthik August 5, 2024

Apache OfBiz Vulnerability CVE-2024-32113 Exploited in wild

Security researchers have observed up ticking reconnaissance attempts for the CVE-2024-32113 vulnerability in Apache OFBiz. The vulnerability, described as a path traversal issue, poses significant risks by potentially enabling attackers…

PravinKarthik August 1, 2024

Apache OFBiz Patches CVE-2024-36104

The Apache Software Foundation has issued a critical security patch to address a vulnerability in Apache OFBiz, that could allow remote attackers to execute arbitrary code on affected systems, potentially…

PravinKarthik June 3, 2024

Apache OFBiz Vulnerabilities – CVE-2023-50968 & CVE-2023-51467

Researchers have identified two vulnerabilities in Apache OFBiz is an open-source product for the automation of enterprise processes. CVE-2023-50968: File Reading Vulnerability The vulnerability rated as ‘important‘, CVE-2023-50968 exposes a…

PravinKarthik December 30, 2023

Critical RCE in Apache OfBiz..

The Apache Software Foundation addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning (ERP)…

PravinKarthik March 22, 2021