Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

Increased Activity Against Apache OFBiz CVE-2024-32113

Aug. 1, 2024, 9:30 a.m.

Description

Recently, there has been a surge in malicious activity targeting a critical vulnerability (CVE-2024-32113) in the Apache OFBiz framework, a Java-based platform for developing Enterprise Resource Planning (ERP) applications. This vulnerability, a path traversal issue that can lead to remote code execution, affects versions prior to 18.12.13. Attackers have been exploiting the vulnerability by inserting a semicolon and accessing restricted URLs, allowing them to execute arbitrary code on vulnerable systems. Observed exploitation attempts involve hosting malicious scripts and attempting to download and execute them on compromised servers. While the vulnerable population is relatively small, threat actors are actively scanning for and exploiting this vulnerability.

Date

Published: Aug. 1, 2024, 9:01 a.m.

Created: Aug. 1, 2024, 9:01 a.m.

Modified: Aug. 1, 2024, 9:30 a.m.

Indicators

185.196.10.231

95.214.27.196

83.222.191.62

http://95.214.27.196/where/bin.sh

http://185.196.10.231/sh

Attack Patterns

T1609

T1210

T1190

CVE-2024-32113