Organizations using Apache OFBiz have been warned to promptly address a critical, recently identified vulnerability as exploitation attempts against it escalate.
Tracked as CVE-2024-38856, the vulnerability was disclosed over the weekend. Apache OFBiz developers confirmed versions through 18.12.14 are impacted and included a fix in version 18.12.15.
There is evidence suggesting that attackers are experimenting with the new vulnerability, possibly integrating it into variants of the Mirai botnet. Apache OFBiz, a free framework for creating enterprise resource planning (ERP) applications, is used by several major companies, primarily in the US, India and Europe.