Apache OFBiz Archives - Security Affairs

Pierluigi Paganini August 05, 2024

Researchers warn of a new critical Apache OFBiz flaw

Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw. Experts urge organizations to address a new critical vulnerability, tracked as CVE-2024-38856, in Apache OFBiz. The vulnerability is an incorrect authorization issue in Apache OFBiz that impacts versions through 18.12.14, version 18.12.15 addressed the flaw. “Unauthenticated […]

Pierluigi Paganini January 12, 2024

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) […]

Pierluigi Paganini December 28, 2023

Experts warn of critical Zero-Day in Apache OfBiz

Experts warn of a zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Experts warn of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. An attacker can trigger the vulnerability, tracked as CVE-2023-51467, to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF) […]

Pierluigi Paganini March 22, 2021

RCE flaw in Apache OFBiz could allow to take over the ERP system

The Apache Software Foundation fixed a high severity remote code execution flaw in Apache OFBiz that could have allowed attackers to take over the ERP system. The Apache Software Foundation addressed last week a high severity vulnerability in Apache OFBiz, tracked as CVE-2021-26295, that could have allowed a remote, unauthenticated attacker to take over the […]

Apache OFBiz

Researchers warn of a new critical Apache OFBiz flaw

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Experts warn of critical Zero-Day in Apache OfBiz

RCE flaw in Apache OFBiz could allow to take over the ERP system

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

New Batavia spyware targets Russian industrial enterprises

Taiwan flags security risks in popular Chinese apps after official probe

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

QUICK LINKS

Apache OFBiz

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!