Experts warn of an authentication bypass zero-day flaw that affects Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467, to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF). The issue resides in the login functionality and results from an incomplete patch for the Pre-auth…

A new zero-day security flaw has been discovered in Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was released…

The Trigona ransomware threat actors are waging a campaign against Microsoft SQL database servers because many of them have external connections and weak passwords, leaving them open targets for brute force or dictionary attacks. These vulnerable MS-SQL servers were designated as “poorly managed” by AhnLab Security’s new alert about Trigona’s nefarious activities. “If a threat…

A Java-based web framework, Apache OFBiz is an open source enterprise resource planning (ERP) system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry. OFBiz is one of the platforms that was affected by a Java serialization vulnerability identified and reported in 2015,…

Security Expectations and Mis-Conceptions in Migrating ERP to the Cloud

Digital transformation is increasing the need for enterprise resource planning (ERP) systems to allow organizations to manage the entirety of their business in a coordinated manner. Globalization is forcing organizations to consider cloud solutions to prevent disjointed business operation across multiple global locations — and even smaller companies are simply attracted by the economies and…