CVE-2024-38856

Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker. Vendor/Product: Apache OFBiz. Added to CISA KEV 2024-08-27; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.