Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

An open-source Enterprise Resource Planning (ERP) system called Apache OfBiz has a newly found zero-day security vulnerability that might be used to get around authentication safeguards. The vulnerability, identified by the tracking number CVE-2023-51467, is related to the login functionality and arises from an insufficient patch that was previously provided earlier this month for another significant vulnerability (CVE-2023-49070, CVSS score: 9.8).

“The authentication bypass was still present because the security measures taken to patch CVE-2023-49070 left the root issue intact,” the threat research team from SonicWall Capture Labs, who found the bug, said in a statement shared by The Hacker News. CVE-2023-49070 is the name of a pre-authenticated remote code execution vulnerability that affects versions older than 18.12.10 and can be exploited effectively.

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

27-Dec-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address