Organizations worldwide leverage technological solutions for increased efficiency and productivity. However, given the rapid advancements of online threats, using such solutions does come with some risks. The recently discovered Apache flaw is a fine example of such risks. 

In this article, we’ll dive into the details of the Apache flaw in its OFBiz open-source enterprise resource planning ERP system. Let’s begin! 

The Apache Flaw Uncovered 

The Apache flaw is a high severity vulnerability being tracked as CVE-2024-45195. This flaw has a critical vulnerability severity score (CVSS) of 7.5. While the severity score is not within a catastrophically alarming range, the aftermath of the Apache flaw being exploited can be devastating for victims. 

This OFBiz security flaw, if exploited, can allow threat actors to have remote code execution (RCE) privileges on both Linux and Windows systems. It’s worth mentioning here that the vulnerability affects all variants of the ERP solution upto version 18.12.16. Commenting on the Apache flaw, Rapid7 security researcher Ryan Emmons said: 

“An attacker with no valid credentials exploit missing view authorization checks in the web application to execute arbitrary code on the server.”

Consequences Of A Potential Exploit 

Before diving into the consequence of an exploit of the Apache flaw, it’s essential to know that this vulnerability is a bypass for  a sequence of issues, CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856. These flaws have been addressed by project maintainers over the past few months.

Active exploitation in the wild has prevailed for both CVE-2024-32113 and CVE-2024-38856. During these exploits, threat actors leveraged CVE-2024-32113 to deploy the Mirai botnet malware. Cyber security experts have stated that the problem here is a shortcoming that stems from a lack of desynchronization between the controller and view map state. 

Experts have further mentioned that this problem was never addressed with the attention it needed in any of the patches. One of the most devastating consequences of the flaw being exploited is that it equips threat actors with the ability of executing code or SQL queries and can lead to remote code execution. 

Mitigation Measures 

As far as ensuring protection against a possible exploit of the Apache Flaw, the latest patch must be used as soon as possible. Commenting on mitigation protocols, cybersecurity professionals have stated that:

“A view should permit anonymous access if a user is unauthenticated, rather than performing authorization checks purely based on the target controller.”

Apart from this, the Apache OFBiz version 18.12.16 addresses other critical issues such as a critical server-side request forgery (SSRF) vulnerability (CVE-2024-45507, CVSS score: 9.8). These flaws, if exploited, can lead to unauthorized access and system compromise. 

Conclusion 

The high-severity flaw (CVE-2024-45195) poses significant risks, allowing remote code execution across systems. Promptly applying the latest patch and adhering to recommended mitigation practices is crucial. Stay vigilant and ensure all updates are applied to safeguard your systems from these emerging threats.

The sources for this piece include articles in The Hacker News and Security Week.

The post Apache Flaw: High Severity Vulnerability Fix Via Update appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Wajahat Raja. Read the original post at: https://tuxcare.com/blog/apache-flaw-high-severity-vulnerability-fix-via-update/