CVE-2024-38856 and CVE-2024-45195 - Apache OFBiz Security Vulnerabilities - August 2024
A critical remote code execution vulnerability in Apache OFBiz, identified as CVE-2024-45195, has been a major focus of recent cybersecurity reports. The vulnerability allows unauthenticated attackers to execute arbitrary code, posing significant risks to OFBiz installations on both Linux and Windows servers. It was found to bypass the previous patches for three related vulnerabilities (CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856). Exploitation of this flaw has led to data breaches and system hijacking, and it has been used to deploy the Mirai botnet. Apache has released patch version 18.12.16 to address this and the related vulnerabilities, and urges users to update immediately. Continued vigilance, regular security updates, and robust security measures are recommended to protect against these evolving threats.