Increased Activity Against Apache OFBiz CVE-2024-32113

Aug. 1, 2024, 9:30 a.m.

Description

Recently, there has been a surge in malicious activity targeting a critical vulnerability (CVE-2024-32113) in the Apache OFBiz framework, a Java-based platform for developing Enterprise Resource Planning (ERP) applications. This vulnerability, a path traversal issue that can lead to remote code execution, affects versions prior to 18.12.13. Attackers have been exploiting the vulnerability by inserting a semicolon and accessing restricted URLs, allowing them to execute arbitrary code on vulnerable systems. Observed exploitation attempts involve hosting malicious scripts and attempting to download and execute them on compromised servers. While the vulnerable population is relatively small, threat actors are actively scanning for and exploiting this vulnerability.
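A defender can hunt for the semicolon technique described above in web access logs. The following is an added example, not part of the original advisory or of Apache OFBiz: it flags requests whose URL path carries a semicolon path parameter, plain or percent-encoded, while tolerating a trailing `;jsessionid=` from URL rewriting. The log lines, the `/app/control/...` paths and the client addresses are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines. Paths and client addresses are
# placeholders, not values taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Aug/2024:09:00:01 +0000] "GET /app/control/main HTTP/1.1" 200 512
192.0.2.11 - - [01/Aug/2024:09:00:02 +0000] "POST /app/control/public;/restricted HTTP/1.1" 200 90
192.0.2.12 - - [01/Aug/2024:09:00:03 +0000] "POST /app/control/public%3B/restricted HTTP/1.1" 200 90
192.0.2.13 - - [01/Aug/2024:09:00:04 +0000] "GET /app/control/main;jsessionid=ABC123?x=1 HTTP/1.1" 200 512
192.0.2.14 - - [01/Aug/2024:09:00:05 +0000] "GET /app/search?q=a;b HTTP/1.1" 200 40
"""

REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SESSION_PARAM_RE = re.compile(r"^jsessionid=[A-Za-z0-9._-]+$", re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so %3B and %253B both become ';'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def path_has_semicolon_param(target):
    """True if the URL path (query string excluded) contains a ';' parameter."""
    path = decode_fully(target.split("?", 1)[0])
    segments = path.split("/")
    for index, segment in enumerate(segments):
        if ";" not in segment:
            continue
        param = segment.partition(";")[2]
        # A session id appended to the final segment is ordinary URL rewriting.
        if index == len(segments) - 1 and SESSION_PARAM_RE.match(param):
            continue
        return True
    return False

def scan_log(text):
    """Return (client, request target) for every flagged log line."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if match and path_has_semicolon_param(match.group("target")):
            hits.append((match.group("client"), match.group("target")))
    return hits

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

A hit is a lead for review rather than proof of exploitation; correlate it with outbound requests from the server to the download URLs listed under Indicators.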

Date

Published: Aug. 1, 2024, 9:01 a.m.
Created: Aug. 1, 2024, 9:01 a.m.
Modified: Aug. 1, 2024, 9:30 a.m.

Indicators

http://95.214.27.196/where/bin.sh

http://185.196.10.231/sh

Attack Patterns

T1609

T1210

T1190

CVE-2024-32113