Original Post: Imperva Protects Against Critical Apache OFBiz Vulnerability (CVE-2024-45195)
A critical vulnerability in the Apache OFBiz framework, designated CVE-2024-45195, has been disclosed that allows unauthenticated remote code execution (RCE). It is severe because attackers without credentials can exploit missing view authorization checks to execute arbitrary code on the server. Since its disclosure, over 25,000 exploitation attempts have targeted 4,000 unique sites, mostly in the financial services and business sectors. However, Imperva’s proactive defense measures have protected its customers from these attempts. Imperva Cloud Web Application Firewall (CWAF) and On-Prem customers are safeguarded out-of-the-box against this and previous OFBiz vulnerabilities such as CVE-2023-51467. Organizations using OFBiz are urged to keep their security solutions updated and monitor for suspicious activity. Imperva also offers a 30-day free trial to protect businesses.