About the Vulnerability
Introduction
Apache OFBiz is a suite of business applications flexible enough to be used in any industry. Its generic architecture allows developers to easily extend or enhance it to build custom functionality.
Summary
On August 20, 2024, Sangfor FarSight Labs received notification of a code execution vulnerability (CVE-2024-38856) in the Apache OFBiz component, classified as high in threat level.
The newly released official version patches the CVE-2024-38856 Apache OFBiz code execution vulnerability, which an attacker could exploit by sending crafted requests to execute arbitrary code and take control of the server.
Affected Versions
Apache OFBiz < 18.12.15
Vulnerability Verification
Sangfor FarSight Labs has reproduced the vulnerability; the screenshot is as follows.
Solutions
Remediation Solutions
Check the System Version
The current service version is shown in the bottom right corner of the web page.
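Checking the footer by hand does not scale across a fleet, so the following added example (not part of the advisory or the OFBiz project) compares collected version strings against the advisory's fixed release, 18.12.15, and triages hosts as affected, patched, or needing manual review; the host names and version strings are constructed sample data.

```python
import re
from typing import Optional

# Threshold from the advisory: Apache OFBiz < 18.12.15 is affected.
FIXED_VERSION = (18, 12, 15)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_ofbiz_version(text: str) -> Optional[tuple]:
    """Extract a numeric (major, minor, patch) triple from text such as
    '18.12.14' or 'Apache OFBiz 18.12.15'; None if no triple is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(version_text: str) -> Optional[bool]:
    """True if below the fixed release, False if patched, None if the
    version cannot be determined (flag such hosts for manual review)."""
    v = parse_ofbiz_version(version_text)
    if v is None:
        return None
    if v == FIXED_VERSION and "SNAPSHOT" in version_text.upper():
        # Assumption: a pre-release build of the fixed version may predate
        # the fix, so treat it conservatively as affected.
        return True
    return v < FIXED_VERSION


# Constructed sample inventory: host -> version string read from the UI footer.
SAMPLE_INVENTORY = {
    "erp-01.example.internal": "Apache OFBiz 18.12.14",
    "erp-02.example.internal": "18.12.15",
    "erp-03.example.internal": "Apache OFBiz 17.12.09",
    "erp-04.example.internal": "version unknown",
}


def triage(inventory: dict) -> dict:
    """Group hosts into 'affected', 'patched' and 'unknown' buckets."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, ver in inventory.items():
        status = is_affected(ver)
        key = "unknown" if status is None else ("affected" if status else "patched")
        result[key].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```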
Official Solution
Affected users are strongly advised to update Apache OFBiz to version 18.12.15 or later.
Download link: https://ofbiz.apache.org/download.html
Sangfor Solutions
Risky Assets Detection
Proactive detection of Apache OFBiz is supported, with batch identification of the assets affected by this event in business scenarios. Related products are as follows:
[Sangfor CWPP] has released an asset detection scheme, with Fingerprint ID: 0004890.
[Sangfor Host Security] has also released an asset detection scheme, with Fingerprint ID: 0004890.
Vulnerability Proactive Detection
Proactive detection of the Apache OFBiz code execution vulnerability (CVE-2024-38856) is supported, with quick batch identification of whether business scenarios are exposed to this vulnerability. Related products are as follows:
[Sangfor Host Security] is expected to release a detection scheme on August 23, 2024, with Rule ID: SF-0005-21012.
[Sangfor Cyber Guardian/Nova MDR] is expected to release a detection scheme on August 29, 2024 (requiring TSS component capabilities), with Rule ID: SF-0005-21012.
[Sangfor Omni-Command/Nova XDR] is expected to release a detection scheme on August 23, 2024 (requiring Host Security component capabilities), with Rule ID: SF-0005-21012.
Vulnerability Security Detection
Monitoring of the Apache OFBiz code execution vulnerability (CVE-2024-38856) is supported: affected assets in business scenarios are monitored in real time based on traffic collection, allowing the scope of impact to be checked quickly. Related products and services are as follows:
[Sangfor Cyber Command/NovaCommand] has released a monitoring scheme, with Rule ID: 11028820.
[Sangfor Cyber Guardian/Nova MDR] has released a monitoring scheme (requiring SIP component capabilities), with Rule ID: 11028820.
[Sangfor Omni-Command/Nova XDR] has released a monitoring scheme, with Rule ID: 11028820.
Safety Protection
Defense against the Apache OFBiz code execution vulnerability (CVE-2024-38856) is supported, blocking attacker intrusions targeting this event. Related products and services are as follows:
[Sangfor Network Secure] has released a protection scheme, with Rule ID: 11028820.
[Sangfor WAF] has released a protection scheme, with Rule ID: 11028820.
[Sangfor Cyber Guardian/Nova MDR] has released a protection scheme (requiring AF component capabilities), with Rule ID: 11028820.
[Sangfor Omni-Command/Nova XDR] has released a protection scheme (requiring AF component capabilities), with Rule ID: 11028820.
Timeline
On August 09, 2024, Sangfor FarSight Labs received notification of the Apache OFBiz code execution vulnerability.
On August 20, 2024, Sangfor FarSight Labs released a vulnerability alert.
References
https://issues.apache.org/jira/browse/OFBIZ-13128
https://ofbiz.apache.org/security.html
https://ofbiz.apache.org/download.html