Apache OFBiz patches new important remote code execution flaw

Apache OFBiz, originally named Open For Business, is a Java-based ERP web application and development framework that provides modules for managing business processes such as accounting, HR, supply chain management, product catalog management, customer relationship management (CRM), manufacturing, e-commerce and more. The framework underpinning it can also be used to build additional custom applications and features.

The software is used globally and across many industries, but it's unclear how many organizations run Apache OFBiz, since many use it internally. Based on public information, its users include large companies such as IBM, HP, Accenture, United Airlines, Home Depot, and Upwork. Some third-party commercial applications like Atlassian JIRA also use OFBiz modules.

Fragmenting the controller-view map state

The root cause of CVE-2024-45195 and the three earlier related flaws is incorrect or insufficient authorization checks for authenticated view maps, because the state between the called controller and the accessed view map is corrupted.
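The bug class described above, as an added example that is not from the article and is not Apache OFBiz code: a simplified dispatcher in which the authorization decision is taken from the controller while the rendered view can differ, next to a version that re-checks the resolved view. All names (`REQUEST_MAPS`, `VIEW_MAPS`, `view_override`, `login`, `adminReport`) and the way the two pieces of state diverge are assumptions of this model.

```python
# Simplified model of a controller/view dispatcher. NOT Apache OFBiz code.
# Every name and table entry here is hypothetical and constructed for illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RequestMap:            # the controller entry the caller names
    auth: bool               # does this controller require a logged-in user?
    default_view: str


@dataclass(frozen=True)
class ViewMap:               # the page that is finally rendered
    auth: bool               # does this view require a logged-in user?


REQUEST_MAPS = {
    "login": RequestMap(auth=False, default_view="loginForm"),
    "report": RequestMap(auth=True, default_view="adminReport"),
}
VIEW_MAPS = {"loginForm": ViewMap(auth=False), "adminReport": ViewMap(auth=True)}


class Denied(Exception):
    """Raised when the caller may not reach the controller or the view."""


def dispatch_weak(controller: str, user: Optional[str],
                  view_override: Optional[str] = None) -> str:
    """Authorization is decided from the controller only."""
    req = REQUEST_MAPS[controller]
    if req.auth and user is None:
        raise Denied(controller)
    # Controller and view state diverge here: the check above covered
    # `controller`, but the view returned may belong to a different entry.
    return view_override or req.default_view


def dispatch_hardened(controller: str, user: Optional[str],
                      view_override: Optional[str] = None) -> str:
    """Authorization is re-checked against the view actually resolved."""
    req = REQUEST_MAPS[controller]
    if req.auth and user is None:
        raise Denied(controller)
    view = view_override or req.default_view
    view_map = VIEW_MAPS.get(view)
    # Unknown views are denied, and the view's own auth flag is enforced.
    if view_map is None or (view_map.auth and user is None):
        raise Denied(view)
    return view
```

The point for reviewers of similar frameworks is that the access decision has to be bound to the resource finally served, not only to the entry point that was named.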
