Security News > 2023 > December > Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack
2023-12-27 15:39
A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was
News URL
https://thehackernews.com/2023/12/critical-zero-day-in-apache-ofbiz-erp.html
Related news
- Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP (source)
- New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution (source)
- Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack (source)
- Critical Windows licensing bugs, plus two others under attack, top Patch Tuesday (source)
- Windows MSHTML zero-day used in malware attacks for over a year (source)
- Japanese space agency spotted zero-day attacks while cleaning up raid on M365 (source)
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks (source)
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)
- Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) (source)
- Google fixes Android kernel zero-day exploited in targeted attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-26 | CVE-2023-51467 | Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code | 9.8 |
| 2023-12-05 | CVE-2023-49070 | Code Injection vulnerability in Apache Ofbiz Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 | 9.8 |