Increased Activity Against Apache OFBiz CVE-2024-32113
Aug. 1, 2024, 9:30 a.m.
Description
Recently, there has been a surge in malicious activity targeting a critical vulnerability (CVE-2024-32113) in the Apache OFBiz framework, a Java-based platform for developing Enterprise Resource Planning (ERP) applications. This vulnerability, a path traversal issue that can lead to remote code execution, affects versions prior to 18.12.13. Attackers have been exploiting the vulnerability by inserting a semicolon and accessing restricted URLs, allowing them to execute arbitrary code on vulnerable systems. Observed exploitation attempts involve hosting malicious scripts and attempting to download and execute them on compromised servers. While the vulnerable population is relatively small, threat actors are actively scanning for and exploiting this vulnerability.
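A detection sketch for the request pattern described above, added here as an example and not taken from the original report or from the OFBiz project: it scans web access logs for requests whose URL path carries a semicolon path parameter, including the percent-encoded form. The log format (Apache/Nginx "combined"), the sample lines, the paths and the session-id allowlist are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample lines in "combined" log format. IPs come from documentation
# ranges and the paths are placeholders, not real OFBiz endpoints.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Aug/2024:09:00:01 +0000] "GET /app/control/main HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Aug/2024:09:00:05 +0000] "POST /app/control/public;/restricted HTTP/1.1" 200 87 "-" "curl/8.0"
198.51.100.7 - - [01/Aug/2024:09:00:06 +0000] "POST /app/control/public%3B/restricted HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.10 - - [01/Aug/2024:09:00:09 +0000] "GET /app/search?q=a;b HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Aug/2024:09:00:12 +0000] "GET /app/control/login;jsessionid=ABC123 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: session-id path parameters are legitimate traffic and are suppressed.
BENIGN_PARAM = re.compile(r"^jsessionid=[A-Za-z0-9.\-_]+$", re.I)

def suspicious_segments(target):
    """Return path segments carrying a ';' parameter that is not a session id."""
    path = unquote(urlsplit(target).path)  # query string is ignored; %3B is decoded
    hits = []
    for seg in path.split("/"):
        if ";" not in seg:
            continue
        params = seg.split(";")[1:]
        if not all(BENIGN_PARAM.match(p) for p in params):
            hits.append(seg)
    return hits

def scan(log_text):
    """Map client IP -> list of (method, target, status) for flagged requests."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and suspicious_segments(m["target"]):
            findings[m["ip"]].append((m["method"], m["target"], int(m["status"])))
    return dict(findings)

if __name__ == "__main__":
    for ip, reqs in scan(SAMPLE_LOG).items():
        for method, target, status in reqs:
            # A 2xx status means the server answered the flagged request: triage first.
            note = "served" if 200 <= status < 300 else "rejected"
            print(f"{ip} {method} {target} -> {status} ({note})")
```

A flagged request that returned a 2xx status on a host running a version prior to 18.12.13 is the case to investigate first.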
Date
Published: Aug. 1, 2024, 9:01 a.m.
Created: Aug. 1, 2024, 9:01 a.m.
Modified: Aug. 1, 2024, 9:30 a.m.
Indicators
185.196.10.231
95.214.27.196
83.222.191.62
http://95.214.27.196/where/bin.sh
http://185.196.10.231/sh
Attack Patterns
T1609
T1210
T1190
CVE-2024-32113