CVE-2024-38856: Apache OFBiz Incorrect Authorization Vulnerability. Apache
Apache OFBiz Incorrect Authorization Vulnerability. Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.
- CISA KEV-listed (remediation due 2024-09-17)
- EPSS 94.4% (100.0% percentile)