Security News > 2023 > December > Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-12-26 CVE-2023-51467 Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code
network
low complexity
apache CWE-918
critical
9.8
2023-12-05 CVE-2023-49070 Unspecified vulnerability in Apache Ofbiz
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
network
low complexity
apache
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642