Critical Apache OFBiz Zero-day Flaw Exploited in the Wild

by Esmeralda McKenzie

Researchers uncovered a severe authentication bypass zero-day flaw tracked as CVE-2023-51467, with a CVSS score of 9.8, affecting Apache OFBiz's open-source enterprise resource planning (ERP) system.

The vulnerability enables attackers to bypass authentication and achieve a simple Server-Side Request Forgery (SSRF).


The zero-day SSRF vulnerability CVE-2023-51467 in Apache OFBiz results from an incomplete patch for the pre-authenticated RCE vulnerability tracked as CVE-2023-49070.

“The security measures taken to patch CVE-2023-49070 left the root issue intact, and therefore, the authentication bypass was still present,” the SonicWall threat research team shared with Cyber Security News.

The vulnerability CVE-2023-49070 stems from an outdated, no-longer-maintained XML-RPC component within Apache OFBiz.


Details of the Zero-Day Flaw That Affects Apache OFBiz

Apache OFBiz is an open-source enterprise resource planning (ERP) system. Though it may not sound familiar, it is widely installed in well-known applications, including Atlassian's JIRA, which more than 120K enterprises use.

Because of this, just like with many supply chain libraries, if threat actors take advantage of this vulnerability, the results could be severe.

“This flaw could lead to the exposure of sensitive data or even the ability to execute arbitrary code,” researchers said.

The login functionality contains the vulnerability tracked as CVE-2023-51467. Regardless of the username, password, or other arguments in an HTTP request, researchers found that the magic string requirePasswordChange=Y is the main source of the authentication bypass.

Because of this, the vulnerability was not completely fixed by removing the XML-RPC code.

Affected Version

This vulnerability affects Apache OFBiz versions before 18.12.11.

Patch Now

Anyone running Apache OFBiz is advised to upgrade to version 18.12.11 or above immediately. To identify any active exploitation of this vulnerability, SonicWall has created an IPS signature, IPS: 15949, in addition to the fix.
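For teams without that IPS signature, the requirePasswordChange=Y string described above can also be hunted for in web access logs. The following is an added example, not code from SonicWall or the OFBiz project; the log format (combined log format), the paths and the IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; paths and addresses are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [27/Dec/2023:10:01:02 +0000] "GET /app/control/main HTTP/1.1" 200 5120
203.0.113.9 - - [27/Dec/2023:10:01:05 +0000] "POST /app/control/view?requirePasswordChange=Y HTTP/1.1" 200 312
203.0.113.9 - - [27/Dec/2023:10:01:09 +0000] "POST /app/control/view?require%50asswordChange=Y&foo=1 HTTP/1.1" 401 98
192.0.2.44 - - [27/Dec/2023:10:02:11 +0000] "GET /app/control/view?requirePasswordChange=N HTTP/1.1" 200 4096
this line is not a request and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_bypass_attempts(log_text):
    """Return requests whose decoded query string carries requirePasswordChange=Y."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        parts = urlsplit(m["target"])
        # parse_qs percent-decodes names and values, so an encoded spelling
        # of the parameter is matched the same way the server would read it.
        params = parse_qs(parts.query, keep_blank_values=True)
        if "Y" in params.get("requirePasswordChange", []):
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "path": parts.path, "status": int(m["status"])})
    return hits

def summarize(hits):
    """Group hits per client; 2xx responses are the ones to triage first."""
    by_ip = defaultdict(lambda: {"requests": 0, "status_2xx": 0})
    for h in hits:
        by_ip[h["ip"]]["requests"] += 1
        if 200 <= h["status"] < 300:
            by_ip[h["ip"]]["status_2xx"] += 1
    return dict(by_ip)

if __name__ == "__main__":
    for ip, stats in summarize(find_bypass_attempts(SAMPLE_LOG)).items():
        print(ip, stats)
```

Parameters sent in a POST body do not appear in access logs, so this covers the query string only.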

Source credit : cybersecuritynews.com
