Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

2023-12-27 15:39
A new zero-day security flaw has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system, that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was
News URL
https://thehackernews.com/2023/12/critical-zero-day-in-apache-ofbiz-erp.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-26 | CVE-2023-51467 | Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz. The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code. | 9.8 |
2023-12-05 | CVE-2023-49070 | Unspecified vulnerability in Apache Ofbiz. Pre-auth RCE in Apache Ofbiz 18.12.09, due to XML-RPC, which is no longer maintained, still being present. This issue affects Apache OFBiz before 18.12.10. Users are recommended to upgrade to version 18.12.10. | 9.8 |