Actively Exploited Apache OFBiz Flaw Triggers Urgent Security Alert
In recent weeks, security researchers have observed an alarming uptick in scanning attempts for the CVE-2024-32113 vulnerability in Apache OFBiz, a widely used suite of enterprise software tools. The flaw, described as a path traversal issue, poses significant risks by potentially enabling attackers to execute malicious code remotely on systems running vulnerable versions of the software.
Apache OFBiz is a popular choice for building enterprise applications across various sectors, including ERP, CRM, and e-commerce. Its extensive use across industries amplifies the potential impact of this vulnerability, placing countless businesses at risk.
Researchers have confirmed that the vulnerability, classified as “important,” is being actively exploited. A significant surge in scanning activity targeting this flaw began around July 20th, with daily reports peaking at nearly 2,000 by the end of the month. Attackers are already experimenting with the vulnerability and potentially incorporating it into botnets such as Mirai variants.
Several IP addresses have been identified as being involved in these scanning attempts. The following are notable for their activities:
- 95.214.27.196: This IP is sending exploits as URL parameters and hosting malware.
- 83.222.191.62: This IP is sending exploits as request bodies, with malware hosted on 185.196.10.231. Earlier in July, this IP was observed scanning for IoT vulnerabilities.
- 185.196.10.231: This IP is currently hosting malware.
These IP addresses are contributing to the surge in scanning attempts, which suggests the vulnerability is possibly being built into automated attack tools, such as Mirai variants.
The Apache OFBiz team has released version 18.12.13 to address this critical issue. Organizations using Apache OFBiz are strongly urged to update to this version immediately to protect their systems and data.
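An added example, not part of the original article or of Apache OFBiz: a Python triage script that checks web access logs for the scanning addresses listed above, labels each request by the delivery channel the article describes, and compares an installed version with the fixed release 18.12.13. The combined log format, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Scanning sources and fixed release as reported in the article.
SCANNER_IPS = {"95.214.27.196", "83.222.191.62"}
FIXED_VERSION = (18, 12, 13)

# Assumed layout: common/combined access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines; paths and parameters are placeholders.
SAMPLE_LOG = [
    '95.214.27.196 - - [21/Jul/2024:03:14:07 +0000] "GET /placeholder/path?x=PLACEHOLDER HTTP/1.1" 404 512',
    '83.222.191.62 - - [21/Jul/2024:04:01:55 +0000] "POST /placeholder/path HTTP/1.1" 200 1024',
    '203.0.113.10 - - [21/Jul/2024:04:02:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '83.222.191.62 - - [22/Jul/2024:09:30:12 +0000] "POST /placeholder/path HTTP/1.1" 200 1024',
]

def triage(lines):
    """Return (hits, per_day) for requests coming from the listed scanners."""
    hits, per_day = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["ip"] not in SCANNER_IPS:
            continue
        # The article separates URL-parameter delivery from request-body delivery.
        if "?" in m["target"]:
            channel = "url-parameters"
        elif m["method"] in ("POST", "PUT"):
            channel = "request-body"
        else:
            channel = "other"
        status = int(m["status"])
        # A non-error status means the server answered and the request needs review.
        hits.append({"ip": m["ip"], "day": m["day"], "channel": channel,
                     "status": status, "answered": status < 400})
        per_day[m["day"]] += 1
    return hits, per_day

def is_patched(version):
    """True if an OFBiz version string is at or above the fixed release."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts >= FIXED_VERSION

if __name__ == "__main__":
    found, daily = triage(SAMPLE_LOG)
    print(found, dict(daily), is_patched("18.12.12"))
```

Access logs do not record request bodies, so the request-body label is inferred from the HTTP method alone.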