December 29, 2023 at 06:12AM
Shadowserver Foundation reports in-the-wild exploitation attempts targeting a critical vulnerability in Apache OFBiz ERP system, leading to attempted server-side request forgery and exposure to sensitive information. SonicWall uncovered a related incomplete patch vulnerability, CVE-2023-51467, prompting a release of version 18.12.11 to fix the issue. Organizational system patching is strongly recommended.
Key takeaways from the meeting notes:
1. Shadowserver Foundation has observed attempts to exploit a critical vulnerability in Apache OFBiz, a popular open source enterprise resource planning (ERP) system.
2. The vulnerability, tracked as CVE-2023-51467, can be used to bypass authentication, achieve server-side request forgery (SSRF), and potentially execute arbitrary code.
3. SonicWall disclosed the details of CVE-2023-51467, which was discovered during a root cause analysis of a previous OFBiz bug, CVE-2023-49070.
4. Apache OFBiz developers have released version 18.12.11 to address the CVE-2023-51467 vulnerability.
5. Proof-of-concept (PoC) exploits for CVE-2023-49070 have been publicly available, and Shadowserver has observed multiple scans targeting this vulnerability.
6. Organizations are urged to ensure their systems are patched against the newer vulnerability (CVE-2023-51467).
7. There has been a significant drop in the number of internet-exposed OFBiz instances, according to the internet search engine Hunter.
8. Threat actors have been scanning for systems affected by other critical Apache vulnerabilities, such as CVE-2023-50164 and CVE-2023-46604.
Please let me know if you need any further information or if there are any specific actions to be taken based on these insights.