THREATOPS
THREAT OPSCVEs › CVE-2024-38856

CVE-2024-38856 — Apache OFBiz Incorrect Authorization Vulnerability

CISA KEVExploited: confirmedApache

Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.

Vulnerability details