
Securing Apache OFBiz from CVE-2024-38856 with AccuKnox

November 30, 2024


Vulnerability Overview

Apache OFBiz, a widely used open-source ERP platform, has a critical vulnerability CVE-2024-38856 which allows remote command execution (RCE). This flaw enables attackers to run arbitrary commands on the server, potentially leading to full system compromise.

This blog will demonstrate how to exploit this vulnerability in a Kubernetes environment and show how AccuKnox Runtime Security can mitigate the attack in real-time.

The vulnerability stems from Apache OFBiz’s handling of user inputs, enabling attackers to send specially crafted requests that can execute arbitrary commands. This command execution could lead to unauthorized access and control over the system. The flaw is found in all versions of OFBiz before the patch.

CVSS Information

Severity: Critical (CVSS 9.8/10)
Affected Versions: Apache OFBiz (versions before 18.12.14)
Root Cause: Improper handling of user inputs, allowing command injection
Potential Impact: Remote command execution (RCE), unauthorized access to the system

Simulating the Attack in a Kubernetes Cluster

To demonstrate the impact of CVE-2024-38856, we’ve deployed Apache OFBiz (version 18.12) to a Kubernetes (K8s) cluster.


With Apache OFBiz running in our Kubernetes cluster, we will exploit CVE-2024-38856 to attempt to execute unauthorized commands, and we will use the proof-of-concept (PoC) script to demonstrate this attack. Detailed instructions and the PoC script can be found at this link.

python3 -u cve-2024-38856_Scanner.py --target https://ofbiz:8443/ --exploit -c "whoami"

The command is executed successfully, revealing the current user and confirming the exploitability of the vulnerability.

Defend with AccuKnox Runtime Security

AccuKnox Runtime Security provides powerful, real-time protection against unauthorized or malicious activities by enforcing security policies directly in your environment. By integrating AccuKnox’s policies, you can proactively block exploitation attempts and secure sensitive files from unauthorized access.

Let’s walk through the steps to protect Apache OFBiz from such attacks using AccuKnox Runtime Security:

  1. Ensure AccuKnox Runtime Security is configured
    Verify that AccuKnox Runtime Security is installed and configured on your Kubernetes cluster so that policies can be enforced.
  2. Navigate to Policies
    In the AccuKnox dashboard, go to the Policies section under the Runtime Security tab.
  3. Upload or edit a policy for Apache OFBiz
    Upload a pre-configured policy or use the policy editor to create a custom policy for Apache OFBiz, then activate the policy.

apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: ofbiz-policy-disallow-exec
  namespace: demo            # policy applies to pods in this namespace only
spec:
  selector:
    matchLabels:
      app: ofbiz             # ...and only to pods carrying this label
  severity: 1
  message: "disallow execing from java process"
  process:
    matchDirectories:
    - dir: /usr/bin/         # any binary under /usr/bin/
      recursive: true        # including subdirectories
      fromSource:            # ...when the parent process is the OFBiz JVM
      - path: /opt/java/openjdk/bin/java
  action: Block              # deny the exec (use Audit to only log it)

To block unauthorized command executions, we created a custom policy within AccuKnox that targets the Java process running OFBiz. The policy ensures that no unauthorized commands can be executed from /usr/bin/, where OFBiz interacts with system processes.

Once AccuKnox Runtime Security policies are enforced, any attempt by the OFBiz Java process to execute a system command such as whoami is blocked, so the injected command never runs and the integrity of the system is preserved.

After the policy enforcement, an alert is triggered in the AccuKnox SaaS dashboard, notifying us of the blocked access attempt. The alert provides detailed information about the blocked activity, including the source of the request that was protected.
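To make the policy's decision rule concrete, here is an added Python model of how a KubeArmor process rule with fromSource is evaluated and what the resulting alert record looks like. It is an illustration written for this page, not KubeArmor's or AccuKnox's code: it covers only the fields the policy above uses (selector.matchLabels, matchDirectories with dir/recursive/fromSource, action), the exec events are constructed, the pod name "ofbiz-0" is made up, and the alert field names are modelled on KubeArmor's JSON alerts as an assumption.

```python
"""Simplified model of a KubeArmor process policy decision (added example, not
KubeArmor's or AccuKnox's code). Only the subset of policy fields used on the
page is modelled: selector.matchLabels, process.matchDirectories with
dir/recursive/fromSource, and spec.action."""

# The page's policy transcribed into a dict (same values as the YAML).
OFBIZ_POLICY = {
    "metadata": {"name": "ofbiz-policy-disallow-exec", "namespace": "demo"},
    "spec": {
        "selector": {"matchLabels": {"app": "ofbiz"}},
        "severity": 1,
        "message": "disallow execing from java process",
        "process": {
            "matchDirectories": [
                {
                    "dir": "/usr/bin/",
                    "recursive": True,
                    "fromSource": [{"path": "/opt/java/openjdk/bin/java"}],
                }
            ]
        },
        "action": "Block",
    },
}


def selects_pod(policy, namespace, pod_labels):
    """A policy applies only to pods in its namespace carrying every selector label."""
    if policy["metadata"]["namespace"] != namespace:
        return False
    wanted = policy["spec"]["selector"].get("matchLabels", {})
    return all(pod_labels.get(k) == v for k, v in wanted.items())


def _in_directory(path, directory, recursive):
    """True if `path` lies in `directory`: any depth when recursive, else a direct child."""
    directory = directory.rstrip("/") + "/"
    if not path.startswith(directory):
        return False
    rest = path[len(directory):]
    return recursive or "/" not in rest


def evaluate_exec(policy, namespace, pod_labels, source, target):
    """Return the policy's action ("Block", "Audit", ...) when an exec of `target`
    by the parent process `source` matches a matchDirectories rule, else "Allow"
    (meaning this policy does not decide the event)."""
    if not selects_pod(policy, namespace, pod_labels):
        return "Allow"
    for rule in policy["spec"].get("process", {}).get("matchDirectories", []):
        if not _in_directory(target, rule["dir"], rule.get("recursive", False)):
            continue
        sources = [s["path"] for s in rule.get("fromSource", [])]
        # A rule without fromSource applies to every process in the pod.
        if sources and source not in sources:
            continue
        return policy["spec"]["action"]
    return "Allow"


def build_alert(policy, namespace, pod_name, pod_labels, source, target):
    """Produce a record shaped like the dashboard alert for an exec event.
    Field names are an assumption modelled on KubeArmor's JSON alerts."""
    action = evaluate_exec(policy, namespace, pod_labels, source, target)
    hit = action != "Allow"
    return {
        "NamespaceName": namespace,
        "PodName": pod_name,
        "PolicyName": policy["metadata"]["name"] if hit else "",
        "Severity": policy["spec"]["severity"] if hit else 0,
        "Source": source,
        "Resource": target,
        "Operation": "Process",
        "Action": action,
        "Result": "Permission denied" if action == "Block" else "Passed",
        "Message": policy["spec"]["message"] if hit else "",
    }


# Constructed exec events: (namespace, pod labels, parent binary, executed binary).
SAMPLE_EVENTS = [
    # whoami spawned by the OFBiz JVM, as in the PoC run above: blocked
    ("demo", {"app": "ofbiz"}, "/opt/java/openjdk/bin/java", "/usr/bin/whoami"),
    # an operator's kubectl-exec shell listing files: not from java, so allowed
    ("demo", {"app": "ofbiz"}, "/bin/bash", "/usr/bin/ls"),
    # same JVM in another namespace: the selector does not match, policy silent
    ("prod", {"app": "ofbiz"}, "/opt/java/openjdk/bin/java", "/usr/bin/whoami"),
    # a binary outside /usr/bin/: outside this rule's scope, policy silent
    ("demo", {"app": "ofbiz"}, "/opt/java/openjdk/bin/java", "/bin/sh"),
]


def run_samples():
    """Evaluate every constructed event and return the alert records."""
    return [build_alert(OFBIZ_POLICY, ns, "ofbiz-0", labels, src, tgt)
            for ns, labels, src, tgt in SAMPLE_EVENTS]


if __name__ == "__main__":
    for alert in run_samples():
        print(f'{alert["Action"]:<5} {alert["Source"]} -> {alert["Resource"]} ({alert["Result"]})')
```

The last two sample events are the ones worth checking in your own cluster: a policy only decides events inside its namespace, selector and directory scope, so confirm that the namespace and labels match the OFBiz deployment and that every directory the image keeps executables in is listed (or that the default posture handles the rest). Real KubeArmor also evaluates matchPaths, matchPatterns and the namespace's default posture, which this model leaves out.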


CVE-2024-38856 highlights a significant vulnerability in Apache OFBiz that could be exploited for remote code execution. By leveraging AccuKnox Runtime Security, we were able to block this attack in real-time and gain complete visibility into the threat through the SaaS dashboard.

You can protect your workloads in minutes using AccuKnox. It protects Kubernetes and other cloud workloads using kernel-native primitives such as AppArmor, SELinux, and eBPF.
