
CVE-2024-1115: CWE-78 OS Command Injection in openBI

High
Published: Wed Jan 31 2024 (01/31/2024, 20:00:05 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: openBI

Description

A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability.

AI-Powered Analysis

Last updated: 07/08/2025, 01:29:01 UTC

Technical Analysis

CVE-2024-1115 is a critical security vulnerability in openBI versions 1.0.0 through 1.0.8. The flaw resides in the dlfile function in /application/websocket/controller/Setting.php: the phpPath argument is handled improperly, so an attacker can inject arbitrary operating system commands through it, and the application executes them with the privileges of the web server process. The vulnerability is remotely exploitable without authentication or user interaction, which increases the risk of exploitation. The CVSS v3.1 base score is 7.3 (High), with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L: the attack can be launched over the network with low attack complexity, requires no privileges or user interaction, and impacts confidentiality, integrity, and availability to a limited extent. Although no public exploits have been reported in the wild yet, the vulnerability details have been disclosed publicly, which raises the risk of imminent exploitation. The CWE-78 classification confirms the root cause as OS command injection, a critical class of vulnerabilities that can lead to full system compromise if exploited successfully.

Potential Impact

For European organizations using openBI versions up to 1.0.8, this vulnerability poses a significant risk. Successful exploitation could allow attackers to execute arbitrary commands on affected servers, potentially leading to unauthorized data access, data manipulation, or disruption of business operations. Given that openBI is a business intelligence platform, compromised systems might expose sensitive corporate data or analytics, impacting confidentiality and business decision-making. The remote and unauthenticated nature of the exploit increases the threat surface, especially for organizations exposing openBI services to the internet or untrusted networks. Additionally, the ability to execute OS commands could be leveraged to pivot within internal networks, escalate privileges, or deploy ransomware or other malware, amplifying the impact. The vulnerability could also affect availability if attackers disrupt services or delete critical files. Overall, the threat could lead to financial losses, reputational damage, and regulatory compliance issues under GDPR if personal data is exposed or mishandled.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately identify and inventory all openBI instances running versions 1.0.0 through 1.0.8. Since no official patch links are provided, organizations should monitor vendor announcements or trusted security advisories for patches or updates addressing CVE-2024-1115. In the interim, organizations should implement strict network-level controls to restrict access to openBI services, limiting exposure to trusted internal networks only. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting the phpPath parameter. Conduct thorough input validation and sanitization on any user-supplied data if custom modifications to openBI are possible. Additionally, run openBI services with the least privilege necessary to limit the impact of potential command execution. Regularly monitor logs for unusual command execution or access patterns. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect OS command injection attempts. Finally, prepare incident response plans to quickly isolate and remediate affected systems if exploitation is detected.
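One way to implement the phpPath input check recommended above, usable for log review or as the logic behind a custom WAF rule. This is an added example, not openBI code and not part of the advisory. It assumes phpPath arrives as a query-string or form-encoded field and that a legitimate value is a plain absolute path to a PHP binary; the route and the sample requests are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: a legitimate phpPath is an absolute path built only from plain
# path characters (POSIX form, or Windows form with a drive letter).
SAFE_PHP_PATH = re.compile(r"(?:[A-Za-z]:)?(?:[\\/][A-Za-z0-9._-]+)+")

def php_path_values(target, body=""):
    """Yield each decoded phpPath value from the query string and form body."""
    for source in (urlsplit(target).query, body):
        for key, value in parse_qsl(source, keep_blank_values=True):
            if key == "phpPath":
                yield value

def classify(value):
    """Allowlist check: anything that is not a plain absolute path is flagged."""
    if SAFE_PHP_PATH.fullmatch(value) and ".." not in value:
        return "ok"
    return "suspicious"

def scan(requests):
    """Return (route, decoded value) for every request with a flagged phpPath."""
    findings = []
    for target, body in requests:
        for value in php_path_values(target, body):
            if classify(value) == "suspicious":
                findings.append((urlsplit(target).path, value))
    return findings

# Constructed sample requests (request target, form-encoded body).
# The route is a placeholder, not openBI's real endpoint.
SAMPLE_REQUESTS = [
    ("/EXAMPLE-ROUTE?phpPath=/usr/bin/php", ""),
    ("/EXAMPLE-ROUTE?phpPath=%2Fusr%2Fbin%2Fphp%3B+id", ""),
    ("/EXAMPLE-ROUTE", "phpPath=C%3A%5Cphp%5Cphp.exe"),
    ("/EXAMPLE-ROUTE", "other=1&phpPath=php+%7C+whoami"),
]

if __name__ == "__main__":
    for route, value in scan(SAMPLE_REQUESTS):
        print(f"suspicious phpPath on {route}: {value!r}")
```

The check validates the decoded value against an allowlist shape instead of searching for known-bad characters, so encoded separators and unexpected syntax are flagged without enumerating them.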


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2024-01-31T13:10:13.180Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 683879c8182aa0cae2829691

Added to database: 5/29/2025, 3:14:16 PM

Last enriched: 7/8/2025, 1:29:01 AM

Last updated: 7/26/2025, 3:24:27 AM
