March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Remcos RAT – Active IOCs
June 4, 2024FlyingYeti Leverages WinRAR Flaw to Launch Malware Attacks – Active IOCs
June 4, 2024Remcos RAT – Active IOCs
June 4, 2024FlyingYeti Leverages WinRAR Flaw to Launch Malware Attacks – Active IOCs
June 4, 2024
Severity
High
Analysis Summary
CVE-2024-36104
Apache OFBiz could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially crafted URL request containing "dot dot" sequences to execute arbitrary code on the system.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-36104
Affected Vendors
Apache
Affected Products
- Apache OFBiz 18.12.13
Remediation
Upgrade to the latest version of Apache OFBiz, available from the Apache Website.