CyberSecurityBoard
Sponsor Register Login

Critical Apache OFBiz Vulnerability in Attacker Crosshairs

The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system.
Apache OFBiz is leveraged by several ERP and other types of projects, including the widely used Atlassian Jira issue tracking and project management software.
The nonprofit cybersecurity organization Shadowserver reported seeing signs of in-the-wild exploitation for an Apache OFBiz vulnerability tracked as CVE-2023-49070 shortly after details of a different OFBiz bug, CVE-2023-51467, were disclosed by SonicWall.
Whose researchers discovered CVE-2023-51467 during a root cause analysis of CVE-2023-49070, disclosed technical details on December 26.
The security firm explained that CVE-2023-51467 is the result of an incomplete patch for CVE-2023-49070.
Apache OFBiz developers were notified about CVE-2023-51467 and version 18.12.11 was released last week to fix the vulnerability.
The security hole can be exploited to bypass authentication and achieve server-side request forgery, enabling the attacker to obtain sensitive information and possibly to execute arbitrary code.
The organization said the available PoCs have been used to look for vulnerable systems, and later clarified that attackers have also attempted to execute arbitrary code on impacted hosts.
Shadowserver has urged organizations to ensure that their systems are patched against the newer vulnerability as well.
According to the internet search engine Hunter, there were 170 internet-exposed OFBiz instances in early December, but that number has now dropped to just over 70.
This is not the only critical Apache vulnerability targeted by threat actors in recent weeks.
Hackers have also been scanning the internet for systems affected by CVE-2023-50164, a Struts 2 flaw that allows remote code execution.
It also came to light recently that an Apache ActiveMQ vulnerability tracked as CVE-2023-46604 had been exploited as a zero-day.


This Cyber News was published on www.securityweek.com. Publication date: Fri, 29 Dec 2023 11:43:05 +0000


Cyber News related to Critical Apache OFBiz Vulnerability in Attacker Crosshairs

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers - A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Apache OFBiz is an open-source enterprise resource planning system many businesses use for e-commerce ...
5 months ago Bleepingcomputer.com
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
5 months ago Securityweek.com
Critical Apache OFBiz Vulnerability in Attacker Crosshairs - The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning system. Apache OFBiz is leveraged by several ERP and other types of projects, including the ...
5 months ago Packetstormsecurity.com
Critical Apache OFBiz Zero-day Flaw Exploited in the Wild - Researchers uncovered a critical authentication bypass zero-day flaw tracked as CVE-2023-51467, with a CVSS score of 9.8 affecting Apache OFBiz's open-source enterprise resource planning system. The vulnerability allows attackers to bypass simple ...
5 months ago Cybersecuritynews.com
Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OfBiz, an open source ERP system with what researchers described as a surprisingly wide ...
5 months ago Go.theregister.com
Apache OFBiz 0-day sees thousands of daily exploit attempts The Register - SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OFBiz, an open source ERP system with what researchers described as a surprisingly wide ...
5 months ago Packetstormsecurity.com
Barracuda ESG, Apache OfBiz Vulnerabilities Persist - While the number of reported vulnerabilities sometimes decrease over the Christmas and New Year's holidays, active and potential exploits are no less threatening. During the past couple weeks, Google has seen multiple vulnerabilities, including a ...
5 months ago Esecurityplanet.com
CVE-2021-37608 - Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at ...
2 years ago
Imperva defends customers against recent vulnerabilities in Apache OFBiz - On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery by ...
5 months ago Imperva.com
CVE-2018-8033 - In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint ...
5 years ago
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug - Concerns are high over a critical, recently disclosed remote code execution vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java ...
6 months ago Darkreading.com
Hackers target Apache RocketMQ servers vulnerable to RCE attacks - Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities ...
5 months ago Bleepingcomputer.com
CVE-2019-0189 - The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the ...
6 months ago
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
6 months ago Bleepingcomputer.com
The Threat That Can't Be Ignored: CVE-2023-46604 in Apache ActiveMQ - There is another vulnerability that demands immediate attention, despite not receiving the level of recognition it truly deserves in the media. Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a Remote Code Execution flaw rated at a ...
2 months ago Cybersecurity-insiders.com
Hackers are exploiting critical Apache Struts flaw using public PoC - Hackers are attempting to leverage a recently fixed critical vulnerability in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code. It appears that threat actors have just ...
6 months ago Bleepingcomputer.com
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks - Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications. Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system ...
5 months ago Cybersecuritynews.com
Real-Time Data Warehousing Based on Apache Doris - This is a whole-journey guide for Apache Doris users, especially those from the financial sector, which requires a high level of data security and availability. If you don't know how to build a real-time data pipeline and make the most of the Apache ...
5 months ago Feeds.dzone.com
Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. The flaw is tracked as CVE-2023-22527, ...
5 months ago Bleepingcomputer.com
CVE-2022-47501 - Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a  ...
1 year ago
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
5 months ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
5 months ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
5 months ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
5 months ago Cybersecurity-insiders.com
Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. - Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as ...
5 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)