Security
Headlines
HeadlinesLatestCVEs

Headline

Apache OFBiz 18.12.09 Remote Code Execution

Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability.

Packet Storm
#vulnerability#web#apache#rce#auth#jira
From: Jacques Le Roux <jleroux () apache org>Date: Mon, 04 Dec 2023 21:04:50 +0000Severity: moderateAffected versions:- Apache OFBiz before 18.12.10Description:Pre-auth RCE in Apache Ofbiz 18.12.09.It's due to XML-RPC no longer maintained still present.This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10This issue is being tracked as OFBIZ-12812 Credit:Siebene@ (finder)References:https://ofbiz.apache.org/download.htmlhttps://ofbiz.apache.org/security.htmlhttps://ofbiz.apache.org/release-notes-18.12.10.htmlhttps://ofbiz.apache.org/https://www.cve.org/CVERecord?id=CVE-2023-49070https://issues.apache.org/jira/browse/OFBIZ-12812-----Packet Storm NoteBelow is the proof of concept circulating on twitter:#POC: /webtools/control/xmlrpc;/?USERNAME=&PASSWORD=s&requirePasswordChange=Y

Related news

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in the login functionality and is the result of an incomplete patch for another critical vulnerability (CVE-2023-49070, CVSS score: 9.8) that was

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution