Apache fixes critical OFBiz remote code execution vulnerability

September 5, 2024 at 05:35PM

Apache has addressed a critical security vulnerability in its OFBiz software that allowed attackers to execute arbitrary code on Linux and Windows servers. The flaw, tracked as CVE-2024-45195, was discovered by Rapid7. It is a remote code execution issue caused by a forced browsing weakness. Users are urged to upgrade to …

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

August 2, 2024 at 07:00AM

Enterprise resource planning (ERP) software, including the open-source framework OFBiz, faces critical security vulnerabilities, as demonstrated by the exploitation of a directory traversal flaw. The SANS Internet Storm Center reported an increase in exploit attempts, with attackers targeting OFBiz using the Mirai botnet. The vulnerabilities pose a threat to sensitive …