CVE-2024-38856: Apache OFBiz Auth Bypass + RCE

Score: 9.8
CRITICAL
Published: 2024-08-05
Affected: Apache OFBiz < 18.12.15
CWE-863

Is Apache OFBiz vulnerable to unauthenticated RCE?

CVE-2024-38856 is an authentication bypass in Apache OFBiz ERP that allows unauthenticated attackers to execute arbitrary code. By exploiting view override functions, attackers bypass login and reach screen render endpoints, which leads to RCE.

Impact & Exploitation

OFBiz is used by enterprises for ERP and e-commerce. Unauthenticated RCE enables data theft, financial fraud, and supply chain disruption in enterprise environments.

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.
