An IT security alert update for a known vulnerability has been issued for Apache OFBiz. You can find out here how affected users should respond.
The Federal Office for Information Security (BSI) reported a security advisory for Apache OFBiz on May 9, 2024. The Linux and UNIX operating systems and the Apache OFBiz product are affected by the security vulnerability. This alert was last updated on May 20, 2024.
The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Exploit-DB 52020 (as of May 20, 2024). Further useful links are listed later in this article.
A critical vulnerability in Apache OFBiz has been discovered
Risk level: 4 (critical)
CVSS Base Score: 9.8
CVSS Temporal Score: 9.1
Remote attack: Yes
The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various criteria in order to create a priority list for countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. For the Temporal Score, framework conditions that may change over time are also taken into account in the assessment. The vulnerability discussed here is classified as "critical" according to CVSS with a base score of 9.8.
Apache OFBiz bug: Vulnerability allows code execution
Apache OFBiz is a business application system and framework for developing other applications.
A remote, anonymous attacker could exploit a vulnerability in Apache OFBiz to execute arbitrary code.
The vulnerability is tracked in the CVE (Common Vulnerabilities and Exposures) reference system under the identifier CVE-2024-32113.
Systems affected by the security vulnerability at a glance
Operating systems
Linux, UNIX
Products
Apache OFBiz
General steps for dealing with IT vulnerabilities
- Users of affected systems should keep them up to date. When security holes become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them immediately.
- For information, see the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
- If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check whether the affected manufacturers have provided a new security update for this IT security alert.
Sources for updates, patches and workarounds
Here you will find some links with information about bug reports, security fixes and workarounds.
Exploit-DB 52020 dated 2024-05-20 (20.05.2024)
For more information, see:
Apache OFBiz Mailing List dated 2024-05-08 (09.05.2024)
For more information, see:
Version history of this security alert
This is version 2 of this IT security notice for Apache OFBiz. This document will be updated as further updates are announced. You can follow the changes made using the version history below.
May 9, 2024 – First model
May 20, 2024 – Exploit added
+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++
kns/roj/news.de