Apache OfBiz Critical Update - 20241121001¶
Overview¶
The Apache Software Foundation has released important security updates to address two critical vulnerabilities in Apache OFBiz. The vulnerabilities could allow an attacker to perform arbitrary code execution on vulnerable systems and potentially compromise sensitive data.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Apache OFBiz | Prior to version 18.12.17 | CVE-2024-47208 CVE-2024-48962 |
9.8 8.9 |
Critical High |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours... (refer Patch Management):