Known Exploited Vulnerability
9.8
CRITICAL
CVE-2024-38856
Apache OFBiz Incorrect Authorization Vulnerability - [Actively Exploited]
Description

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).

INFO

Published Date :

Aug. 5, 2024, 9:15 a.m.

Last Modified :

Nov. 21, 2024, 9:26 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w; https://nvd.nist.gov/vuln/detail/CVE-2024-38856

Public PoC/Exploit Available at Github

CVE-2024-38856 has a 26 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-38856 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Apache ofbiz
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-38856.

URL Resource
https://issues.apache.org/jira/browse/OFBIZ-13128 Issue Tracking
https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w Mailing List Vendor Advisory
https://ofbiz.apache.org/download.html Product
https://ofbiz.apache.org/security.html Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/08/04/1

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

CVE-2024-38856 是 Apache OFBiz 中的一个严重漏洞,允许未经身份验证的攻击者在受影响的系统上执行任意代码。

Python

Updated: 2 weeks ago
2 stars 0 fork 0 watcher
Born at : Nov. 23, 2024, 3:54 a.m. This repo has been linked 1 different CVEs too.

A curated collection of Proof of Concept (PoC) tools, scripts, and techniques designed for red team operations, penetration testing, and cybersecurity research. This repository focuses on providing practical resources for exploring vulnerabilities

attack cybersecurity exp hw penetration-testing poc red-team security-tools vulnerability-poc

Updated: 2 weeks ago
1 stars 2 fork 2 watcher
Born at : Nov. 17, 2024, 11:53 a.m. This repo has been linked 414 different CVEs too.

这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目

HTML

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : Sept. 20, 2024, 3:27 a.m. This repo has been linked 210 different CVEs too.

None

Updated: 3 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Sept. 9, 2024, 1:28 a.m. This repo has been linked 128 different CVEs too.

None

HTML

Updated: 2 months, 3 weeks ago
2 stars 1 fork 1 watcher
Born at : Sept. 4, 2024, 9:24 a.m. This repo has been linked 128 different CVEs too.

Apache OFBiz CVE-2024-38856

Go

Updated: 3 months, 1 week ago
2 stars 0 fork 0 watcher
Born at : Aug. 28, 2024, 3:17 a.m. This repo has been linked 1 different CVEs too.

Nuclei template to scan for Apache Ofbiz affecting versions before 18.12.15

Updated: 3 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Aug. 27, 2024, 9:16 p.m. This repo has been linked 1 different CVEs too.

CVE-2024-38856 Exploit

Shell

Updated: 3 months, 1 week ago
9 stars 1 fork 1 watcher
Born at : Aug. 22, 2024, 4:05 a.m. This repo has been linked 2 different CVEs too.

Exploit for CVE-2024-38856 affecting Apache OFBiz versions before 18.12.15

Python

Updated: 3 months, 2 weeks ago
1 stars 1 fork 1 watcher
Born at : Aug. 18, 2024, 3:19 p.m. This repo has been linked 1 different CVEs too.

Tiger是一款在攻防演练中对目标资产重点系统指纹识别、精准漏扫的工具。是一款打点神器。

Updated: 2 weeks, 5 days ago
104 stars 8 fork 8 watcher
Born at : Aug. 18, 2024, 7:19 a.m. This repo has been linked 29 different CVEs too.

Perform With Massive Apache OFBiz Zero-Day Scanner & RCE

Python

Updated: 3 weeks, 6 days ago
1 stars 0 fork 0 watcher
Born at : Aug. 10, 2024, 3:05 a.m. This repo has been linked 1 different CVEs too.

Mass Exploit - CVE-2024-38856 [Remote Code Execution]

Python

Updated: 4 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Aug. 9, 2024, 11:26 a.m. This repo has been linked 1 different CVEs too.

Apache OFBiz RCE Scanner & Exploit (CVE-2024-38856)

apache apache-ofbiz cve-scanning exploit exploitation rce-exploit rce-scanner

Python

Updated: 3 weeks ago
39 stars 11 fork 11 watcher
Born at : Aug. 8, 2024, 2:40 a.m. This repo has been linked 1 different CVEs too.

None

Python Shell C++

Updated: 4 months ago
2 stars 0 fork 0 watcher
Born at : Aug. 5, 2024, 9:16 a.m. This repo has been linked 4 different CVEs too.

None

HTML

Updated: 3 weeks, 4 days ago
6 stars 0 fork 0 watcher
Born at : Aug. 2, 2024, 6:07 a.m. This repo has been linked 123 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-38856 vulnerability anywhere in the article.

  • The Cyber Express
Google Addresses Critical Baseband Flaws, Strengthens Pixel Defenses

Google recently addressed a flaw within cellular modem vulnerabilities that can pose risk to smartphone users. The cellular baseband is responsible for handling all cellular communications, including ... Read more

Published Date: Oct 04, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
Ajina.Banker: Unmasking the Android Malware Targeting Central Asian Banks

Screenshot of the sample found on the VirusTotal platformCybersecurity analysts at Group-IB have uncovered a sophisticated malware campaign targeting bank customers in Central Asia. Dubbed “Ajina.Bank ... Read more

Published Date: Sep 16, 2024 (3 months ago)
  • TheCyberThrone
Apache OFBiz Vulnerability CVE-2024-45195 actively exploited

Apache OFBiz has got a security update for a flaw CVE-2024-45195 with a CVSS score of 7.5 that  allows attackers to bypass authorization checks and execute arbitrary code on the server, even without v ... Read more

Published Date: Sep 13, 2024 (3 months ago)
  • Cybersecurity News
Hackers target Apache OFBiz RCE flaw CVE-2024-45195 after PoC exploit released

Image: Rapid7According to a report from Imperva, over 25,000 malicious requests targeting 4,000 unique sites have been detected since the CVE-2024-45195 vulnerability in Apache OFBiz was disclosed. Th ... Read more

Published Date: Sep 13, 2024 (3 months ago)
  • security.nl
Apache verhelpt kritieke RCE-kwetsbaarheid in ERP-oplossing OFBiz

Apache heeft een kritieke kwetsbaarheid in ERP-oplossing OFBiz verholpen waardoor een ongeauthenticeerde aanvaller op afstand code op het ERP-systeem kan uitvoeren. Onlangs werden twee andere beveilig ... Read more

Published Date: Sep 06, 2024 (3 months, 1 week ago)
  • The Cyber Express
Critical RCE Vulnerability Patched in Apache OFBiz (CVE-2024-45195)

Popular open-source enterprise Resource Planning (ERP) system, Apache OFBiz, recently discovered harboring a critical Remote Code Execution (RCE) vulnerability. Tracked as CVE-2024-45195, the Apache O ... Read more

Published Date: Sep 06, 2024 (3 months, 1 week ago)
  • Help Net Security
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code ... Read more

Published Date: Sep 06, 2024 (3 months, 1 week ago)
  • The Hacker News
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

Cybersecurity / Vulnerability A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenti ... Read more

Published Date: Sep 06, 2024 (3 months, 1 week ago)
  • BleepingComputer
Apache fixes critical OFBiz remote code execution vulnerability

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. ... Read more

Published Date: Sep 05, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Revival Hijack: A New PyPI Hijacking Technique Threatens Thousands of Packages

The JFrog security research team has uncovered a novel PyPI package hijacking method known as “Revival Hijack,” which has put over 22,000 packages at risk of exploitation. Unlike traditional typosquat ... Read more

Published Date: Sep 05, 2024 (3 months, 1 week ago)
  • Cybersecurity News
Publicly Exposed GenAI Development Services Raise Serious Security Concerns

Access to the API without the need for any authentication | Image: Legit SecurityA new report released by Legit Security has raised significant concerns about the security posture of publicly accessib ... Read more

Published Date: Sep 03, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
Proof-of-Concept Exploit Released for WhatsUp Gold Authentication Bypass (CVE-2024-6670)

Researcher Sina Kheirkhah of the Summoning Team has published the technical details and a proof-of-concept (PoC) exploit for a critical vulnerability, identified as CVE-2024-6670, affecting Progress S ... Read more

Published Date: Sep 02, 2024 (3 months, 2 weeks ago)
  • The Register
Check your IP cameras: There's a new Mirai botnet on the rise

in brief A series of IP cameras still used all over the world, despite being well past their end of life, have been exploited to create a new Mirai botnet. The vulnerability (CVSS 8.7, CVE-2024-7029) ... Read more

Published Date: Aug 31, 2024 (3 months, 2 weeks ago)
  • Dark Reading
Exploited: CISA Highlights Apache OFBiz Flaw After PoC Emerges

Source: tofino via Alamy Stock PhotoCISA has added a critical security flaw in the Apache OFBiz open source enterprise resource planning (ERP) system to its Known Exploited Vulnerabilities (KEV) catal ... Read more

Published Date: Aug 29, 2024 (3 months, 2 weeks ago)
  • security.nl
Apache OFBiz ERP-systemen opnieuw doelwit van aanvallen

Apache OFBiz ERP-systemen zijn opnieuw het doelwit van aanvallen, zo waarschuwt het Cybersecurity and Infrastructure Security Agency (CISA) van het Amerikaanse ministerie van Homeland Security. OFBiz ... Read more

Published Date: Aug 28, 2024 (3 months, 2 weeks ago)
  • The Cyber Express
Critical Apache OFBiz Vulnerability CVE-2024-38856 Identified and Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a security vulnerability affecting Apache OFBiz, the open-source enterprise resource planning (ERP) system. This Apache OFB ... Read more

Published Date: Aug 28, 2024 (3 months, 2 weeks ago)
  • The Hacker News
CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports

Software Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource ... Read more

Published Date: Aug 28, 2024 (3 months, 2 weeks ago)
  • TheCyberThrone
WordPress WPML Plugin Critical Vulnerability CVE-2024-6386

Researchers have uncovered a critical vulnerability in WPML multilingual CMS Plugin for WordPress that leads to a Remote Code Execution, which potentially allows the compromise of impacted websites.Th ... Read more

Published Date: Aug 28, 2024 (3 months, 2 weeks ago)
  • TheCyberThrone
CISA adds Apache OFBiz Vulnerability CVE-2024-38856 to KEV Catalog

The U.S. CISA adds Apache OFBiz vulnerability to its KEV catalog following the mass exploitationCVE-2024-38856 : Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect ... Read more

Published Date: Aug 28, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
CISA Warns of Actively Exploited Apache OFBiz CVE-2024-38856 Vulnerability, PoC Available

Image: securelayer7The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about an actively exploited security flaw in Apache OFBiz, a popular open-source enterp ... Read more

Published Date: Aug 27, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
Log4j Exploited Again: New Campaign Targets Vulnerable Systems with Crypto-Mining and Backdoors

Despite its discovery over two years ago, the Log4j vulnerability, known as Log4Shell (CVE-2021-44228), continues to pose a significant threat to global cybersecurity. A recent report from Datadog Sec ... Read more

Published Date: Aug 22, 2024 (3 months, 3 weeks ago)
  • Cybersecurity News
Gafgyt Botnet: Now Exploiting GPU Power in Cloud-Native Environments

Gafgyt attack flow | Image: Aqua NautilusResearchers at Aqua Nautilus have identified a new variant of the Gafgyt botnet that represents a significant evolution in malware targeting strategies. Origin ... Read more

Published Date: Aug 19, 2024 (3 months, 4 weeks ago)
  • Cybersecurity News
Google Pixel Phones Exposed: Millions at Risk Due to Pre-Installed App Vulnerability

Cybersecurity researchers at iVerify, in collaboration with Palantir Technologies and Trail of Bits, have uncovered a significant vulnerability in millions of Google Pixel devices worldwide. The flaw, ... Read more

Published Date: Aug 16, 2024 (4 months ago)
  • Cybersecurity News
CVE-2024-42479 (CVSS 10) in Popular Python Package llama_cpp_python Exposes Millions to RCE

Please enable JavaScriptA severe security vulnerability has been discovered in the widely-used AI library llama_cpp_python, potentially allowing threat actors to execute malicious code on affected sys ... Read more

Published Date: Aug 15, 2024 (4 months ago)
  • Cybersecurity News
CVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC Published

MSI, a leading manufacturer of computer hardware, has recently disclosed a critical vulnerability, tracked as CVE-2024-36877, that affects a wide range of its motherboards. The vulnerability, residing ... Read more

Published Date: Aug 15, 2024 (4 months ago)
  • Cybersecurity News
SAP Security Patch Day – August 2024: CVE-2024-41730 (CVSS 9.8) Vulnerability Exposes Systems to Full Control Exploit

SAP has released its monthly security patches for August 2024, addressing a range of vulnerabilities across its extensive product portfolio. The update includes fixes for 17 new security notes and 8 u ... Read more

Published Date: Aug 13, 2024 (4 months ago)
  • Cybersecurity News
Dark Skippy: New Threat Steals Secret Keys from Signing Devices

A serious security threat called Dark Skippy has emerged in the cryptocurrency world. This method allows malicious actors to extract private keys from transaction signing devices, such as hardware wal ... Read more

Published Date: Aug 12, 2024 (4 months ago)
  • Help Net Security
Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Looking for a calm August release August 2024 July ended up being ... Read more

Published Date: Aug 11, 2024 (4 months, 1 week ago)
  • BleepingComputer
CISA warns about actively exploited Apache OFBiz RCE flaw

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a ... Read more

Published Date: Aug 08, 2024 (4 months, 1 week ago)
  • Cybersecurity News
PoC Exploit Released for Apache OFBiz Remote Code Execution Flaw (CVE-2024-38856)

Today, cybersecurity researcher Zeyad Azima from SecureLayer7 and Youssef Muhammad have published a proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-38856) in the Apache OFBi ... Read more

Published Date: Aug 08, 2024 (4 months, 1 week ago)
  • Cybersecurity News
CVE-2024-21302, CVE-2024-38202: Zero-Day Vulnerabilities Expose Windows Systems to “Unpatching” Attacks

At Black Hat 2024, security researcher Alon Leviev from SafeBreach security researcher unveiled two zero-day vulnerabilities (CVE-2024-21302, CVE-2024-38202) that could be exploited to reverse patches ... Read more

Published Date: Aug 08, 2024 (4 months, 1 week ago)
  • TheCyberThrone
Google Fixes Android Zeroday Vulnerability CVE-2024-36971

Google has released patches for 46 bugs affecting its Android operating system in its August 2024 security update. This includes an actively exploited kernel vulnerability tracked as CVE-2024-36971 af ... Read more

Published Date: Aug 07, 2024 (4 months, 1 week ago)
  • TheCyberThrone
CISA adds CVE-2018-0824 to its KEV Catalog

The U.S. CISA added a deserialization of untrusted data vulnerability in Microsoft COM for Windows, tracked as CVE-2018-0824 with a CVSS score of 7.5, to its Known Exploited Vulnerabilities (KEV) cata ... Read more

Published Date: Aug 06, 2024 (4 months, 1 week ago)
  • TheCyberThrone
Apache InLong fixes Critical Vulnerability CVE-2024-36268

The Apache InLong project has issued a security advisory regarding a critical vulnerability discovered in its TubeMQ component, that could allow code injection flaw could allow remote attackers to exe ... Read more

Published Date: Aug 06, 2024 (4 months, 1 week ago)
  • Help Net Security
Researchers unearth MotW bypass technique used by threat actors for years

Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick ... Read more

Published Date: Aug 06, 2024 (4 months, 1 week ago)
  • Cyber Security News
Apache OFBiz Zero-Day Vulnerability Let Attackers Execute Remote Code

A critical zero-day vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system, has been discovered that could allow unauthenticated attackers to execute arbitrary code re ... Read more

Published Date: Aug 06, 2024 (4 months, 1 week ago)
  • The Hacker News
New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

Enterprise Security / Vulnerability A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system t ... Read more

Published Date: Aug 06, 2024 (4 months, 1 week ago)
  • Dark Reading
Critical Apache OfBiz Vulnerability Allows Preauth RCE

Brian Jackson via Alamy Stock PhotoA critical pre-authentication remote code execution (RCE) security vulnerability in Apache OFBiz could open organizations to data theft, lateral movement by threat a ... Read more

Published Date: Aug 05, 2024 (4 months, 1 week ago)
  • TheCyberThrone
Apache OFBiz fixes CVE-2024-38856

Apache OFBiz has released an urgent security advisory due to the potential for unauthorized code execution.The vulnerability tracked as CVE-2024-38856 stems into an incorrect authorization handling wi ... Read more

Published Date: Aug 05, 2024 (4 months, 1 week ago)
  • Help Net Security
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)

CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulner ... Read more

Published Date: Aug 05, 2024 (4 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2024-38856 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2024/08/04/1
  • Initial Analysis by [email protected]

    Aug. 28, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://issues.apache.org/jira/browse/OFBIZ-13128 No Types Assigned https://issues.apache.org/jira/browse/OFBIZ-13128 Issue Tracking
    Changed Reference Type https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w No Types Assigned https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w Mailing List, Vendor Advisory
    Changed Reference Type https://ofbiz.apache.org/download.html No Types Assigned https://ofbiz.apache.org/download.html Product
    Changed Reference Type https://ofbiz.apache.org/security.html No Types Assigned https://ofbiz.apache.org/security.html Vendor Advisory
    Added CPE Configuration OR *cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* versions up to (including) 18.12.15
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Aug. 28, 2024

    Action Type Old Value New Value
    Added Vulnerability Name Apache OFBiz Incorrect Authorization Vulnerability
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Due Date 2024-09-17
    Added Date Added 2024-08-27
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 06, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 CISA-ADP AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE Received by [email protected]

    Aug. 05, 2024

    Action Type Old Value New Value
    Added Description Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
    Added Reference Apache Software Foundation https://ofbiz.apache.org/download.html [No types assigned]
    Added Reference Apache Software Foundation https://ofbiz.apache.org/security.html [No types assigned]
    Added Reference Apache Software Foundation https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w [No types assigned]
    Added Reference Apache Software Foundation https://issues.apache.org/jira/browse/OFBIZ-13128 [No types assigned]
    Added CWE Apache Software Foundation CWE-863
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-38856 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-38856 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability