A new zero-day, pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to execute code remotely on affected instances.
Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15.
“The root cause of the vulnerability lies in a flaw in the authentication mechanism,” SonicWall, which discovered and reported the shortcoming, said in a statement.
“This flaw allows an unauthenticated user to access functionalities that generally require the user to be logged in, paving the way for remote code execution.”
CVE-2024-38856 is also a patch bypass for CVE-2024-36104, a path traversal vulnerability that was addressed in…
Source thehackernews.com