Summary
The Apache Software Foundation has released a security update for Apache OFBiz that fixes a vulnerability rated “high” severity (an incorrect-authorization issue). If exploited, it could allow a remote, unauthenticated attacker, under certain conditions, to invoke the rendering code of screens that do not explicitly check the caller's permissions, and thereby manipulate the screen output on the affected instance.
Notes (updated 08/29/2024): CVE-2024-38856 is being actively exploited in the wild.
Risk (updated 08/29/2024)
Vulnerability community impact estimate: SEVERE/RED (75.12/100) [1].
Type
- Data Manipulation
Affected products and/or versions
Apache OFBiz, versions prior to 18.12.15
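The version range above is the practical check an operator needs to run against an inventory. The following is an added example, not code from the advisory or from the OFBiz project: it parses OFBiz version strings, compares them against the fixed release 18.12.15, and flags non-numeric or pre-release builds (e.g. "trunk" or "-SNAPSHOT") for manual verification rather than silently calling them safe. The inventory it runs over is constructed sample data.

```python
"""Triage an inventory of Apache OFBiz hosts against the CVE-2024-38856 fix.

Added example (not part of the advisory). Assumption: a version string is
a dotted numeric prefix optionally followed by a qualifier such as
'-SNAPSHOT'; anything that does not start with digits is treated as unknown.
"""

import re
from typing import Dict, List, Optional, Tuple

# First release that contains the fix, per the advisory's affected range.
FIXED_VERSION = "18.12.15"

_VERSION_RE = re.compile(r"\s*(\d+(?:\.\d+)*)(.*)$")


def parse_version(text: str) -> Tuple[Optional[Tuple[int, ...]], str]:
    """Split '18.12.15-SNAPSHOT' into ((18, 12, 15), '-SNAPSHOT').

    Returns (None, '') when no numeric prefix exists (e.g. 'trunk'), so the
    caller cannot mistake an unparseable build for an unaffected one.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None, ""
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, m.group(2).strip()


def is_affected(version: str, fixed: str = FIXED_VERSION) -> Optional[bool]:
    """True if 'version' is below the fixed release, False if at or above it.

    None means 'cannot tell': no numeric version, or a pre-release/snapshot of
    exactly the fixed version, which may have been built before the fix landed.
    """
    numbers, qualifier = parse_version(version)
    fixed_numbers, _ = parse_version(fixed)
    if numbers is None or fixed_numbers is None:
        return None
    if numbers < fixed_numbers:
        return True
    if numbers == fixed_numbers and qualifier:
        return None
    return False


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to PATCH, OK or VERIFY based on its reported version."""
    result = {}
    for host, version in inventory.items():
        affected = is_affected(version)
        if affected is None:
            result[host] = "VERIFY"
        elif affected:
            result[host] = "PATCH"
        else:
            result[host] = "OK"
    return result


def hosts_to_patch(inventory: Dict[str, str]) -> List[str]:
    """Sorted list of hosts that are definitely on an affected release."""
    return sorted(h for h, status in triage(inventory).items() if status == "PATCH")


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "erp-prod-1": "18.12.14",
    "erp-prod-2": "18.12.15",
    "erp-legacy": "17.12.09",
    "erp-dev": "18.12.15-SNAPSHOT",
    "erp-lab": "trunk",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:20} {status}")
```

Older release lines such as 17.12.x are reported as affected because every version below 18.12.15 falls in the advisory's range; the example does not claim a separate fix for those lines.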
Mitigation actions
As advised by the vendor, upgrade to Apache OFBiz 18.12.15 or later, following the instructions in the security bulletin listed in the References section.
Unique vulnerability identifiers
CVE-2024-38856
References
https://seclists.org/oss-sec/2024/q3/142
https://ofbiz.apache.org/security.html
[1] This estimate takes into account several parameters, including the CVSS score, the availability of patches, workarounds and proof-of-concept code, and the prevalence of the affected software or devices in the reference community.