A critical pre-authentication remote code execution (RCE) security vulnerability in Apache OFBiz could open organizations to data theft, lateral movement by threat actors into various applications and parts of their networks, and more. The bug, tracked as CVE-2024-38856, carries a notably high CVSS score of 9.8, given how impactful exploitation could be. Apache OFBiz is…

Experts warn of an authentication bypass zero-day flaw that affects Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467, to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). The issue resides in the login functionality and results from an incomplete patch for the Pre-auth…

A new zero-day security flaw has been discovered in Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released…

The Trigona ransomware threat actors are waging a campaign against Microsoft SQL database servers because many of them have external connections and weak passwords, leaving them open targets for brute force or dictionary attacks. These vulnerable MS-SQL servers were designated as “poorly managed” by AhnLab Security’s new alert about Trigona’s nefarious activities. “If a threat…

A Java-based web framework, Apache OFBiz is an open source enterprise resource planning (ERP) system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry. OFBiz is one of the platforms that was affected by a Java serialization vulnerability identified and reported in 2015,…

Security Expectations and Mis-Conceptions in Migrating ERP to the Cloud

Digital transformation is increasing the need for enterprise resource planning (ERP) systems to allow organizations to manage the entirety of their business in a coordinated manner. Globalization is forcing organizations to consider cloud solutions to prevent disjointed business operation across multiple global locations — and even smaller companies are simply attracted by the economies and…