POLICY-OTHER
POLICY-OTHER Apache OFBiz EntitySQLProcessor arbitrary SQL command execution attempt
This rule looks for HTTP requests sent to the "EntitySQLProcessor" endpoint in Apache OFBiz web applications that contain arbitrary SQL commands.
This rule fires on attempts to invoke the "EntitySQLProcessor" endpoint in Apache OFBiz web applications. This endpoint allows for the execution of arbitrary SQL commands. Before the patch for CVE-2024-38856, this endpoint did not require any authentication.
Public information/Proof of Concept available
Known false positives, with the described conditions
This rule alerts on all attempts to execute arbitrary SQL commands via the "sqlCommand" parameter of the "/EntitySQLProcessor" endpoint on Apache OFBiz web applications.
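To show what the condition above looks like when applied to web server telemetry, here is a small access-log triage script. It is an added example for this page, not Talos or OFBiz code: it flags requests whose final path segment is EntitySQLProcessor and that carry a "sqlCommand" parameter, and it separately marks POSTs to that endpoint whose body a plain access log does not record, so an analyst knows to pull the request body from a proxy or WAF before deciding. The sample log lines are constructed, the `/webtools/control/` prefix in them is an assumption, and the match depends only on the final path segment and the parameter name given on this page.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Added example: triage of access-log lines for the condition the rule describes,
# a request to the EntitySQLProcessor endpoint carrying a "sqlCommand" parameter.
ENDPOINT_SEGMENT = "entitysqlprocessor"   # final path segment, compared case-insensitively
PARAM = "sqlCommand"                       # parameter name taken from the rule description


def hits_endpoint(target: str) -> bool:
    """True if the request target's final path segment is EntitySQLProcessor."""
    path = urlsplit(target).path.rstrip("/")
    return path.rsplit("/", 1)[-1].lower() == ENDPOINT_SEGMENT


def carries_sql_command(target: str, body: str = "") -> bool:
    """True if sqlCommand appears in the query string or in a form-encoded body."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if body:
        params.update(parse_qs(body, keep_blank_values=True))
    return PARAM in params


def classify_request(method: str, target: str, body: Optional[str] = None) -> str:
    """
    'alert'  : endpoint hit and sqlCommand present (the condition the rule fires on)
    'review' : endpoint hit by a POST whose body was not captured, so the
               parameter cannot be confirmed (the usual case for plain access logs)
    'none'   : not this endpoint, or endpoint hit without the parameter
    """
    if not hits_endpoint(target):
        return "none"
    if carries_sql_command(target, body or ""):
        return "alert"
    if method.upper() == "POST" and body is None:
        return "review"
    return "none"


# Combined/common log format: client, identd, user, [timestamp], "METHOD target proto", status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def scan_access_log(text: str) -> list:
    """Run classify_request over access-log lines; return the non-'none' findings in order."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Access logs carry no request body, so POSTs can only be marked for review.
        verdict = classify_request(m["method"], m["target"])
        if verdict != "none":
            findings.append({
                "src": m["src"], "ts": m["ts"], "method": m["method"],
                "target": m["target"], "status": m["status"], "verdict": verdict,
            })
    return findings


# Constructed sample log (not real traffic); the /webtools/control prefix is assumed.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2024:10:00:01 +0000] "GET /webtools/control/main HTTP/1.1" 200 512
203.0.113.7 - - [01/Aug/2024:10:00:02 +0000] "GET /webtools/control/EntitySQLProcessor?sqlCommand=SELECT+1 HTTP/1.1" 200 2048
198.51.100.9 - - [01/Aug/2024:10:00:03 +0000] "POST /webtools/control/EntitySQLProcessor HTTP/1.1" 200 1024
203.0.113.7 - - [01/Aug/2024:10:00:04 +0000] "GET /webtools/control/entitymaint HTTP/1.1" 200 900
"""

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['verdict']:6} {f['src']:14} {f['method']} {f['target']} -> {f['status']}")
```

The "review" verdict is the part worth keeping in mind when this rule fires in one place but not another: an IDS on the wire sees the POST body and can confirm the parameter, while a web server access log cannot, so correlating the two sources (or enabling request-body logging at the proxy) is what turns a "review" into a confirmed hit or a false positive.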
Cisco Talos Intelligence Group
No rule groups
N/A
Not Applicable
CVE-2024-38856: Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).