A critical vulnerability in the widely used Apache OFBiz framework, designated CVE-2024-45195, was recently disclosed. It allows unauthenticated remote code execution (RCE), making it an especially dangerous flaw for organizations using OFBiz in their business operations. An attacker without valid credentials can exploit missing view authorization checks in the web application, bypassing previous patches, to execute arbitrary code on the server.
Since the vulnerability was disclosed, Imperva has detected over 25,000 requests targeting 4,000 unique sites, primarily within the financial services industry (FSI) and business sector. Attackers, using primarily malicious bots and tools written in Go, have attempted to exploit the vulnerability, but thanks to Imperva’s proactive defense mechanisms, customers remain unaffected.
Imperva Cloud Web Application Firewall (CWAF) and On-Prem customers are already protected against this vulnerability out-of-the-box. By leveraging Imperva’s advanced threat intelligence and continuous monitoring, clients are safeguarded from the exploitation of this vulnerability. Imperva customers are also protected against previous high-severity OFBiz vulnerabilities, including CVE-2023-51467.
For organizations using Apache OFBiz, this attack highlights the importance of maintaining up-to-date security solutions and monitoring traffic for suspicious activity. Even with protection, we urge everyone to remain vigilant and update their systems with the latest security patches.