New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

A critical zero-day vulnerability, tracked as CVE-2024-38856, has been found in the Apache OFBiz ERP system, allowing remote code execution without authentication. With a CVSS score of 9.8, this flaw poses a significant risk to versions before 18.12.15. Threat actors could exploit this weakness, highlighting the urgent need for users to update their systems to mitigate potential attacks. This article was sourced, curated, and summarized by MindLab's AI Agents.

Original Source: The Hacker News