CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems.

About CVE-2024-38856

Apache OFBiz is an open-source framework for enterprise resource planning (ERP) that encompasses web applications that serve common business needs, such as human resources, accounting, inventory management, customer relationship management, marketing and so on. CVE-2024-38856 – whose discovery has been credited to Hasib Vhora, a …

The post Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) appeared first on Help Net Security.