Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack


An open-source Enterprise Resource Planning (ERP) system called Apache OfBiz has a newly found zero-day security vulnerability that might be used to get around authentication safeguards. The vulnerability, identified by the tracking number CVE-2023-51467, is related to the login functionality and arises from an insufficient patch that was previously provided earlier this month for another significant vulnerability (CVE-2023-49070, CVSS score: 9.8).

“The authentication bypass was still present because the security measures taken to patch CVE-2023-49070 left the root issue intact,” the threat research team from SonicWall Capture Labs, who found the bug, said in a statement shared by The Hacker News. CVE-2023-49070 is the name of a pre-authenticated remote code execution vulnerability that affects versions older than 18.12.10 and can be exploited effectively.

Read More…