Apache OFBiz, a popular open-source Enterprise Resource Planning (ERP) system, was recently found to harbor a critical Remote Code Execution (RCE) vulnerability. Tracked as CVE-2024-45195, the flaw could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers running OFBiz. The Apache security team has addressed the issue in the latest update and is urging users to patch their installations immediately.
Understanding the Apache OFBiz RCE Vulnerability (CVE-2024-45195)
The vulnerability, discovered by Rapid7 security researchers, stems from missing authorization checks within the OFBiz web application. This weakness, categorized as a forced browsing vulnerability, exposes restricted paths to unauthenticated direct request attacks.
“An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server,” explained security researcher Ryan Emmons in a report.
In simpler terms, an attacker could potentially exploit this vulnerability by crafting a specially designed URL that bypasses authentication protocols. If successful, this could grant the attacker the ability to execute malicious code on the server, potentially leading to complete system compromise.
Potential Consequences of the Exploit
The consequences of exploiting CVE-2024-45195 could be severe for organizations relying on OFBiz. Here are some potential risks:
- Data Theft and Leakage: Attackers could gain access to sensitive information stored on the server, including customer data, financial records, and intellectual property.
- Disruption of Operations: The execution of malicious code could disrupt critical business processes, leading to downtime and financial losses.
- Lateral Movement and Persistence: Exploiting this vulnerability could be a stepping stone for attackers to gain a foothold in the network and launch further attacks within the system.
Apache Patches Flaw
The Apache Software Foundation (ASF) has released a patch (version 18.12.16) that addresses CVE-2024-45195. This update strengthens the authorization checks within the OFBiz application, preventing unauthorized access to restricted paths.
Emmons explained that CVE-2024-45195 is a bypass of the patches for three other OFBiz vulnerabilities addressed in the past few months, tracked as CVE-2024-32113, CVE-2024-36104, and CVE-2024-38856.
CVE-2024-32113 had been exploited in attacks using the Mirai botnet, highlighting the serious risks associated with such flaws. Meanwhile, CVE-2024-38856 was rated with a CVSS score of 9.8 by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), classifying it as critical in severity. That vulnerability allowed attackers to execute remote code without prior authentication, posing a severe risk to affected systems.
“Based on our analysis, three of these vulnerabilities are, essentially, the same vulnerability with the same root cause,” Emmons said.
All of them are caused by a controller-view map fragmentation issue: the authorization decision is tied to the requested controller while a different, restricted view ends up being rendered, which lets attackers execute code or SQL queries and achieve remote code execution without authentication.
The latest patch put in place “validates that a view should permit anonymous access if a user is unauthenticated, rather than performing authorization checks purely based on the target controller.”
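To make the root cause and the fix concrete, the following added example models the two authorization policies side by side. It is illustrative code written for this article, not OFBiz's own code, and all controller and view names in it are constructed. The weak policy decides purely on the target controller, as the article says the earlier patches did; the hardened policy additionally requires that the view actually rendered permits anonymous access whenever the request is unauthenticated. A small audit helper enumerates which views each policy leaves reachable without credentials, which is the check a defender would want to run against a real view map.

```python
"""Simplified model of controller/view authorization (illustrative, not OFBiz code).

A request names a controller (the request URI) but is served by a view
(the screen or template). When the authorization check looks only at the
controller, a request whose resolved view differs from the controller's
default can reach a restricted view without credentials. The hardened
check also inspects the resolved view.
"""
from dataclasses import dataclass
from typing import Callable, Optional, Set


@dataclass
class View:
    name: str
    allow_anonymous: bool  # may this view be rendered to an unauthenticated user?


@dataclass
class Controller:
    name: str
    auth_required: bool  # does reaching this controller require a login?
    default_view: str    # the view it normally renders


# Constructed sample configuration (hypothetical names, not from OFBiz).
VIEWS = {
    "LoginView": View("LoginView", allow_anonymous=True),
    "AdminView": View("AdminView", allow_anonymous=False),
}
CONTROLLERS = {
    "login": Controller("login", auth_required=False, default_view="LoginView"),
    "admin": Controller("admin", auth_required=True, default_view="AdminView"),
}


@dataclass
class Request:
    controller: str
    authenticated: bool
    # The view that will actually be rendered when it differs from the
    # controller's default: the "fragmentation" the article describes.
    view_override: Optional[str] = None


def resolve_view(req: Request) -> View:
    """Return the view this request will render (override wins over default)."""
    ctrl = CONTROLLERS[req.controller]
    return VIEWS[req.view_override or ctrl.default_view]


def authorize_vulnerable(req: Request) -> bool:
    """Weak policy: the decision depends only on the target controller."""
    ctrl = CONTROLLERS[req.controller]
    return req.authenticated or not ctrl.auth_required


def authorize_fixed(req: Request) -> bool:
    """Hardened policy: an unauthenticated request must come through a
    controller that allows it AND land on a view that permits anonymous
    access, regardless of which controller it arrived through."""
    ctrl = CONTROLLERS[req.controller]
    if req.authenticated:
        return True
    if ctrl.auth_required:
        return False
    return resolve_view(req).allow_anonymous


def anonymous_reachable_views(check: Callable[[Request], bool]) -> Set[str]:
    """Audit helper: every view an unauthenticated request can render under
    the given policy, across all controller/view combinations."""
    reachable = set()
    for ctrl_name in CONTROLLERS:
        for view_name in VIEWS:
            req = Request(ctrl_name, authenticated=False, view_override=view_name)
            if check(req):
                reachable.add(resolve_view(req).name)
    return reachable


if __name__ == "__main__":
    for label, policy in (("vulnerable", authorize_vulnerable), ("fixed", authorize_fixed)):
        print(f"{label}: anonymously reachable views = {sorted(anonymous_reachable_views(policy))}")
```

Under the weak policy the audit reports the restricted AdminView as reachable without a login, because the login controller does not require authentication and the rendered view is never examined; under the hardened policy only LoginView remains reachable anonymously. The same enumeration, run over a real controller-to-view map, is a useful regression test after applying a patch like the one described above.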
Importance of Security in Open-Source Software
The discovery of CVE-2024-45195 serves as a reminder of the importance of security in open-source software. While open-source tools offer numerous benefits, they also require consistent vigilance and patching to address vulnerabilities promptly. Users are responsible for keeping their deployments up-to-date and implementing additional security measures to mitigate risks.
The patching of CVE-2024-45195 is a positive step forward, but it’s vital to remain vigilant. The ever-evolving cyber threat landscape necessitates continuous monitoring and proactive security measures. By implementing a comprehensive security strategy, organizations using OFBiz can minimize their attack surface and safeguard their critical data.