#CVE202349070

Critical Apache OFBiz Vulnerability in Attacker Crosshairs

by

December 29, 2023 at 06:12AM Shadowserver Foundation reports in-the-wild exploitation attempts targeting a critical vulnerability in Apache OFBiz ERP system, leading to attempted server-side request forgery and exposure to sensitive information. SonicWall uncovered a related incomplete patch vulnerability, CVE-2023-51467, prompting a release of version 18.12.11 to fix the issue. Organizational system patching is strongly recommended. … Read more

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

by

December 28, 2023 at 11:21AM Apache OFBiz, utilized for business operations, contains a critical pre-authentication remote code execution vulnerability, CVE-2023-49070, actively being exploited. A patch to resolve the issue was found incomplete, resulting in the discovered bypass flaw, CVE-2023-51467. The urgency for users to upgrade to version 18.12.11 is emphasized due to the risk of … Read more