January 8, 2024 at 12:50PM
SonicWall has observed thousands of daily exploitation attempts targeting the Apache OFBiz zero-day vulnerability. The severity is near-maximum, with a 9.8 rating, allowing attackers to bypass authentication and execute arbitrary code. They urge immediate upgrading to OFBiz version 18.12.11 to address this and another equally serious vulnerability. Apache OFBiz has a wide user base, prompting the need for swift action and acknowledging Apache OFBiz’s team’s quick response to the issue.
From the meeting notes, the key takeaways are:
– SonicWall has observed a significant number of exploitation attempts for the Apache OFBiz zero-day vulnerability, which remains consistent into the new year.
– Users of the Apache Software Foundation framework, particularly OFBiz, are urged to immediately upgrade to version 18.12.11, which patches both the zero-day vulnerability (CVE-2023-51467) and another serious vulnerability (CVE-2023-49070).
– The authentication bypass vulnerability (CVE-2023-51467) allows attackers to remotely execute arbitrary code and access sensitive information.
– The root cause of the vulnerabilities was found to be in the login functionality, and failing to patch it left the authentication bypass vulnerability unaddressed.
– Atlassian’s Jira, which uses a fork of Apache’s OfBiz Entity Engine module, is confirmed not to be vulnerable.
– SonicWall researchers have developed test cases demonstrating how the exploitation of the vulnerabilities was possible and have confirmed that they are no longer successful after the patch.
– The response and remediation by the Apache OFBiz team have been commended by SonicWall, with the team demonstrating care for the security of their customers.
These takeaways highlight the urgency of upgrading to the patched version of OFBiz and the importance of promptly addressing critical vulnerabilities to safeguard sensitive information and prevent remote code execution.