Security News

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning system that could allow threat actors to achieve remote code execution on affected instances. "The root cause of the vulnerability lies in a flaw in the authentication mechanism," SonicWall, which discovered and reported the shortcoming, said in a statement.

An unnamed South Korean enterprise resource planning (ERP) vendor's product update server has been found to be compromised to deliver a Go-based backdoor dubbed Xctdoor. The AhnLab Security...

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to...

A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The...

One such platform is Odoo, which happens to be one of the most popular open-source ERP solutions on the market. The only thing you'll need to deploy Odoo is a running server that supports Docker.

Accenture Federal Services, a subsidiary of Accenture has been awarded a $729 million contract to help the U.S. Army Communications-Electronics Command transform multiple enterprise resource planning systems into a single, consolidated model to improve efficiency, enhance readiness, and reduce costs. AFS will support the Army Shared Services Center with organizational change management, agile development, and quality assurance, among other capability support functions.

Admins of on-premises Sage X3 ERP deployments should check they're not exposing the enterprise resource planning suite to the public internet in case they fall victim to an unauthenticated command execution vulnerability. The infosec outfit described in detail the flaws, calling them "Protocol-related issues involving remote administration of Sage X3.".

The Apache Software Foundation on Friday addressed a high severity vulnerability in Apache OFBiz that could have allowed an unauthenticated adversary to remotely seize control of the open-source enterprise resource planning system. Tracked as CVE-2021-26295, the flaw affects all versions of the software prior to 17.12.06 and employs an "Unsafe deserialization" as an attack vector to permit unauthorized remote attackers to execute arbitrary code on a server directly.

With this acquisition, SailPoint unites identity security with separation of duties access controls monitoring for an organization's most critical applications, like SAP. This integrated approach addresses the growing risk of over-permissioned, excessive or conflicting access to business-critical systems and the sensitive financial, business and operational data within. "ERP Maestro brings an experienced team with a rich heritage in ERP-focused audit and compliance, coupled with a SaaS access control solution that will help us to extend identity security to wrap in SoD monitoring and access controls for our customers' most critical systems, including SAP and others," said Grady Summers, SailPoint's EVP of Products.