Security News > 2023 > December > Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers
2023-12-28 16:20
A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits.
Online URL. The researchers further said those scanning vulnerable servers are particularly interested in finding vulnerable Confluence servers.
To minimize the risk, users of Apache OFBiz are recommended to upgrade to version 18.12.11 as soon as possible.
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online.
News URL
Related news
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)