CVE-2024-38856 - Authorization
CVE Information
Original CVE data
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
Apache - (1)
Basic Analysis
Common vulnerability metrics
Authorization
-
Exploits are available either through exploit packs, Github repos or the world wide web in general.
Vulnerability is referenced under CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog
-
No sightings of the vulnerability within threat reports.
Cybersecurity Frameworks
How the vulnerability maps against various cybersecurity frameworks
Compliance Impact
How the submited vulnerability affects compliance
Web Application Security Frameworks
Applicable if the issue likely affects a web application