Vulnerabilities

Experts warn of critical Zero-Day in Apache OfBiz

Issued by: Security Affairs

Source
Advertisement


Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system.

An attacker can trigger the vulnerability, tracked as CVE-2023-51467, to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)

The issue resides in the login functionality and results from an incomplete patch for the Pre-auth RCE vulnerability CVE-2023-49070 (CVSS score: 9.8).

SonicWall researchers pointed out that the Apache OfBiz is part of the supply chain of prominent software, such as Atlassian’s JIRA (used by over 120K companies).

Read more
You might also like
Malware & Threats, Vulnerabilities

Warning! Windows 10 Fake Update is Actually Ransomware

Vulnerabilities

Super FabriXss vulnerability in Microsoft Azure SFX could lead to RCE

Vulnerabilities

5 Unsettling cyberthreats

Vulnerabilities

Vulkan Playbook Leak Exposes Russia’s Plans for Worldwide Cyberwar

Advertisement